The General Data Protection Regulation (or, in short, GDPR) is a positive step towards people to have more control over how personal data are used. On 25 May 2018 this new legislation comes into force and we have modified a series of processes and policies to prepare our business. We are committed to protecting and respecting the personal information that is shared with us. This statement describes what types of information we collect, how they are used, how we share with other organizations, how rights can be exercised regarding the information we hold and how we can contact our reality.
With regard to direct marketing communications, it will always be possible to inform us to stop these activities. We will never send “unwanted” emails or communications and will not share data with anyone else. We do not resell the information to third parties, but we work closely with selected partners who help us to provide information, products and services that are required.
The content of this policy may change from time to time, so you may need to check this page occasionally to ensure that information is shared. Where possible, we will look for a direct contact to inform about any new changes.
WHAT INFORMATION ARE COLLECTED?
We collect personal information through the site, applications or direct contact. We only collect information that is necessary, relevant and appropriate for the purpose for which it is provided.
The information we collect may include some or all of the following:
- Identity data: includes name, surname, user name or similar identifier and title.
- Contact information: include billing address, delivery address, e-mail address and telephone numbers.
- Financial data: includes details of the bank account and payment card collected solely for the purpose of completing the purchase.
- Transaction data: include details about payments to and from the customer / supplier and other details about the products and services that are purchased or sold.
- Profile data: includes purchases or orders placed, any social profiles (if applicable), preferences, feedback, communications and responses to internal surveys and your password and username if applicable (customer portal).
- Usage data: include information on how the website is used, products and services.
- Marketing and communication data: include preferences in receiving marketing communications and from third parties and communication preferences.
- Technical data: include the Internet Protocol (IP) address, the access data, the type and version of the browser, the time zone setting and the browser plug-in location, types and versions, the system operational and platform and other technologies on devices used to access corporate websites.
HOW DO WE USE THE INFORMATION THAT IS COLLECTED?
Only the information necessary for the purpose for which it was collected is processed. You are given the option of not receiving marketing communications from us (and consent may be withdrawn at any time). No “unwanted” emails or communications are sent and data is not shared with anyone else, except to carry out the purchase or sale contract. Personal data are used exclusively for the purposes and legal bases indicated in the following table:
|Purpose(s) for processing||Legal bases for processing data|
|We may use and process personal information where this is necessary to execute a contract and to fulfill and complete orders, purchases and other transactions entered into with the writer and for contractual performance analysis.
||Processing is necessary for the execution of a contract or to stipulate a contract.|
||Consent can be withdrown at any time.|
||Processing is necessary to support legitimate business interests in the management of our business. Please note that you have the right to object to the processing of personal data carried out for our legitimate interest. That is, the right to object at any time remains assured.
|For the prevention and detection of fraud, money laundering or other crimes or for the purpose of responding to a binding request from a public authority or a court.||The data treatment policy is necessary to comply with legal and regulatory obligation,|
|We may have to process personal information to contact you if you have an urgent security notice.||In rare cases of vital interest|
HOW DO WE SHARE THIS INFORMATION?
We do not sell information to third parties. However, we may from time to time disclose the information to the following categories of companies or organizations that we are responsible for managing services on our behalf: support service providers, customer contact centers, agencies and direct marketing consultants, market research and market analysis service providers, our legal advisors and other professionals.
We work to ensure that all third-party partners who manage the information comply with data protection legislation and protect information just like we do. We only disclose personal information STRICTLY necessary to provide the service we are undertaking on our behalf. We will aim to anonymize information or use specific aggregated data sets where ever possible.
HOW LONG DO WE KEEP THE INFORMATION?
We will not store personal information in an identifying format for a longer period than necessary. For customers or suppliers, we will retain personal information for a longer period of time than processing potential customers / suppliers.
However, we do not store personal information in an identifying format longer than necessary.
In the case of a continuous relationship (for example, a customer), we retain personal information for 10 years from the date on which our report ends. We retain personal information for this period to establish, bring or defend any legal claims. Our relationship could end for a variety of reasons.
Where we have obtained personal information following a request for information, brochures, quotations or any other information about any of our products or services, we store your personal information for 1 year and 6 months from the date we collect this information, unless that during this period an effective relationship is created, for example, a purchase. We will continue to process this data in line with the initial request for 6 months, so that we can establish a relationship with the potential customer / supplier. After this period the data will remain pending for 1 year before being removed, unless a report is formed within this time.
The only exceptions to the periods mentioned above are where:
- the law requires to keep personal information for a longer period, or to delete it first;
- in the event that you have raised a complaint or concern about a product or service offered, in which case we will retain your information for a period of 10 years from the date of that claim or request; or
- you exercise the right to delete information (where applicable) and you do not need to keep it in relation to one of the reasons allowed or required by law
HOW INFORMATION CAN BE MANAGED
Each individual has the right as an individual to access personal information and make corrections if necessary. You also have the right to revoke the consent you have previously provided to us and to request that we delete the information we retain. You may also object to the use of personal information (where we rely on our business interests to process and use such personal information).
There are a number of rights in relation to personal information under the Data Protection Act. In relation to most of the rights, we will request information to confirm the identity and, where applicable, to help us search for personal information. Except in rare cases, we will respond within 30 days of receipt of your request.
Users have the following rights:
- Request a copy of the information we have in our possession;
- Correct and update your information;
- Withdraw consent. Please see “How we use this information”;
- Subject to our use of user information (where we rely on our legitimate interests to use your personal information), provided that there are no legitimate reasons for continuing to use and process information. When we rely on our legitimate interests to use your personal information for direct marketing, we will always respect the right to object;
- Delete your information (or limit its use), provided that there are no legitimate reasons for continuing to use and process such information;
- Transferring the information to a structured data file (in a format commonly used and readable by the machine), in which we entrust the consent to use and process personal information or to process it in relation to the contract.
In the case of a subject access request or a request for information, please be aware that if the request is unfounded or excessive, we may still charge a fee or refuse to act on the request.
Please also note that when we remove data from our system, or after the time periods indicated earlier in this document or upon request, the data is permanently removed from our system and may affect any subsequent access requests.
It is possible to exercise the above rights and / or manage the information by contacting us, using the details below:
|Address:||V.le San Michele del Carso, 22 – 20144 Milano (Italy)|
If you have specific questions about data protection or a complaint, you can contact our data protection team at the address firstname.lastname@example.org
WHERE WE STORE PERSONAL DATA
If you refuse a cookie, this may prevent the site from functioning properly or even prevent access to certain areas.
Header photo © Lianhao Qu / Unsplash