Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Personal data is information such as name, email address or telephone number, but also information about hobbies, memberships or which other websites were visited by the data subject.
We only collect, use and share personal data in accordance with what is legally permissible, and with the user’s consent. Consent is any voluntarily given, unambiguous statement of agreement in a specific case, given in an informed manner in the form of a statement, or other clearly affirming consenting action, with which the data subject indicates that they agree to the processing of their personal data.
We (or the webspace provider) collect data on each of your visit to the federico pazienza website (this data is referred to as “server log files”) (“access data”). This access data includes: name of the website accessed, file, date and time of access, volume of data transmitted, protocol on successfully access, browser type and version, the user’s operating system, referrer URL (i.e. page previously visited), IP address and the requesting provider. If the user is using a mobile device, the access data additionally comprises: country code, language, name of device, name of operating system and version, GPS location data.
We use this access data only for statistical evaluations for the purpose of operation, security and optimization of our offer on our website. However, reserve the right to review these data at a later date, if concrete indications of unlawful use become known to us. This data is then stored as it is understood to be the only way to prevent misuse of our offer; if necessary this data will be reviewed to investigate past offenses. In this regard, since we are the party responsible for data processing, storing this data is necessary to ensure our security. This data will not be shared with third parties unless required by law or for the purpose of criminal prosecution.
When you contact us (for example by email), also outside of a contractual relationship with us, your details will be stored for the purpose of processing the request as well as in the event that follow-up questions arise.
In general, the legal basis for data processing of data when using our website and services is Art. 6 (1) b. GDPR, i.e. the data is processed insofar as it is required to fulfill the sales contract between you and us or to fulfill pre-contractual measures that you requested. Art. 6 (1) a. GDPR is also the legal basis for the processing of data for specific purposes, provided and to the extent that you and/or the data subject have given their prior consent.
Art. 6 (1) c. GDPR is also the legal basis for any processing of your data by us when this is required to fulfill a legal obligation to which we and/or other responsible persons are subject. This can be the case for example when our data is collected when you visit our web page, if we choose this method to ensure security of our website and services.
Data processing may also be carried out on the basis of Art. 6 (1) e. GDPR, if this is necessary to perform a legal obligation in the public interest or in the exercise of official authority that we or the responsible party have been vested in.
Moreover, Art. 6 (1) f. GDPR also forms the legal basis for example when data is collected when visiting the federico pazienza website or when data is transmitted to our shareholders and external service providers. The processing takes place if it is necessary to safeguard our legitimate interests and does not outweigh your interests, fundamental rights and fundamental freedoms that might require the protection of personal data.
A legitimate interest is to be assumed in the case of a legitimate relationship between you (or the person in question) and us (or the responsible party), i.e. if you are a customer and/or user of our website and services.
For further details we refer to the explanations of processing operations in this privacy statement.
We do not use profiling or automated decision-making when you visit our website and use our services. However, in individual cases it is possible that such profiling is carried out by the third-party providers we use. We point this out as much as possible in this privacy statement.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Examples of such profiling include the analysis of data (e.g. on the basis of statistical methods) with the aim of displaying personalised advertising to the user or giving shopping tips.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is required by EU law or law of its member states to which the data controller is subject and such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) with explicit consent of the data subject. In these exceptions, the responsible party takes appropriate measures to safeguard the data subject’s rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state their own position and to challenge the decision.
We only transfer personal data to third parties insofar as it is necessary in the framework of fulfilling the terms of the agreement and only within the scope stated in this privacy statement. Furthermore, data is only transmitted if we are legally obliged to do so or if the person concerned has given their consent and has not revoked it, or if this is necessary to enforce our rights. In some cases, processing may take place in other EU countries, but we make sure that the level of data protection is always in compliance with EU requirements.
We work together with external service providers that support us in carrying out the online or offline steps necessary to execution of our service. We only transfer personal data to third parties insofar as it is permissible by law (i.e. in order to execution our service on the website, in accordance with Art. 6 (1) b. GDPR) or with your given consent (in accordance with Art. 6 (1) a. GDPR) or if you instruct us to do so. Please contact email@example.com for more information.
This relates for example to the transmission of data to our shipping service provider(s). Moreover, as part of our affiliate program, we may share information with our affiliate partners who use the information on our behalf for marketing purposes and to improve our services. These affiliate partners process the data exclusively within the EU and in compliance with the relevant legal bases. Among other things, the affiliate partners receive the customer’s ID.
Every user has a right to access the personal data stored about their person at any time and free of charge.
This right of access to stored personal data includes the right to know whether personal data concerning the data subject is being processed and, if so, the following related information:
purpose(s) of data processing; categories of personal data being processed; recipient(s) or categories of recipient(s) who the personal data has been disclosed to or is currently being disclosed to, especially in the case of recipients established in third countries or international organisations;
if possible the planned duration that personal data is to be stored for, or, if this is not possible to tell, the criteria that determine this duration;
the existence of a right of correction or deletion of the user’s personal data or restrictions of processing by the party responsible or of a right of opposition to such processing; the existence of a right to lodge complaints with a regulatory authority;
if the personal data is not collected from the data subject themselves, all available information about the data’s origin; the existence of automated decision-making including profiling (according to GDPR) and – at least in these cases – relevant information about the applied logic as well as the scope and the intended effects of such processing for the data subject.
The right of access to stored personal data does not exist if the data is only stored because it may not be deleted by reason of statutory, constitutional and contractual regulations on retention and for data backup and data protection control, and if therefore the provision of information would require disproportionate effort, and if appropriate technical and organizational measures preclude processing of personal data for further purposes.
The user has the right to revoke their consent regarding the use, processing or transmission of their data at any time. To this end the user can contact us at firstname.lastname@example.org.
In the case of the withdrawal of your consent for the storing, processing and use of your personal data, we will immediately delete all of your saved data. This does not apply if compelling legitimate grounds are given for processing that outweigh your interests, fundamental rights and fundamental freedoms or if data processing is required to establish, exercise or defend legal claims.
We will therefore continue to use this data, for example, if it is still necessary for the implementation of the contractual relationship, for example.
You have the right to have any inaccurate personal data immediately corrected. You have the right to request the rectification of your personal data (for example by submitting an explanation about the inaccuracy of the data) in view of the given processing purposes. For this purpose please contact email@example.com.
You have the right to demand that we delete your personal data immediately. For this, please contact firstname.lastname@example.org
Your personal data will be deleted immediately in the following cases:
if we no longer need your personal data for the purposes for which they were initially collected or otherwise processed;
if you revoke your consent that formed the basis for the processing, and there is no other legal basis for processing;
if you object to the processing and there are no proper overriding legitimate reasons for processing;
if the personal data has been unlawfully collected;
if the deletion of the personal data is required to fulfil a legal obligation under EU law or the law of the Member States to which we are subject;
if the personal data relating to information society services offered directly was collected from a child under 16 years of age without parental consent.
Data will not be deleted if processing of the data is necessary (i) to perform a legal obligation in the public interest or in the exercise of official authority that we have been vested in; (ii) to exercise the right to free speech and information; (iii) on grounds of public interest in the field of public health; or (iv) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, if the right to deletion presents a serious obstacle to reaching the objectives of this processing or makes it.
In the case of non-automated data processing, data need not be deleted if it this would require disproportionate effort or if it is impossible, and if your interest in deleting is seen as small. In this case, data processing will be restricted instead of the data erased.
Moreover, we will restrict data processing rather than delete the data as long and as far as we have reason to believe that erasure would adversely affect legitimate interests of the data subject. We will inform the data subject of the restriction of processing if doing so is not impossible or would not involve a disproportionate effort.
Please also refer to the following sections 4.5 below.
You have the right to request us to restrict the processing of your personal data if one of the following conditions is met: (i) The accuracy of the personal data is disputed by you for a period that enables us to verify the accuracy of the personal data; (ii) The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data; (iii) We no longer need the personal data for the purposes of processing, you need the data to assert, exercise or defend legal claims; or (iv) You have filed an objection against the processing and it is not yet clear whether the legitimate reasons of our company outweigh your legitimate reasons for the objection. If the above conditions are met and you wish to have your personal data stored by us restricted, you can contact us at email@example.com at any time. We will then arrange for processing to be restricted. If you have been confirmed that the processing of your personal data is restricted, we will inform you in advance if we lift this restriction again.
Instead of personal data being deleted, its processing may be restricted. Please refer to the previous section for more details.
You have the right to receive your personal data (that you have provided to us) in a structured, commonly used and machine-readable format. For this, please contact us at firstname.lastname@example.org. You also have the right to transmit those data to another controller without hindrance from us (who was provided with the personal data), provided that the processing is based on consent or on a contract to which the data subject is a party and provided that the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
This right shall apply if it adversely affects the rights and freedoms of others, or if processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Please contact us by email at email@example.com if you have any questions about data protection.