Privacy policy

Disclosure pursuant to articles 13 and 14 of Regulation no. 679/2016/EU

Last Update: 16/03/2023 – V. 1

Data controller

As a user (“User”) of the website www.forniturealberghiereshop.it and related e-commerce www.forniturealberghiereshop.it/negozio (the "Website"), your personal data will be processed by Sades Impianti Srl, with registered office in via Caduti 14 September 1944 n. 5 in Belluno, Fiscal Code and VAT number 00223130253 (hereinafter the "Holder”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR") and of Legislative Decree no. 196/2003 (so-called Privacy Code).

You can contact the Owner by writing to the email address [email protected]

Purpose and legal basis of the processing

Your data will be processed for the following purposes:

  1. Registration on the site, creation and management of the personal account, access to the reserved area.

Legal basis: Execution of pre-contractual and contractual measures pursuant to art. 6.1(b) of the GDPR.

  1. Taking charge and fulfillment of orders placed through e-commerce, as well as management of the related payments.

Legal basis: Execution of pre-contractual and contractual measures pursuant to art. 6.1(b) of the GDPR.

  1. Sending of quotes.

Legal basis: Execution of pre-contractual and contractual measures pursuant to art. 6.1(b) of the GDPR.

  1. Management and processing of requests for information sent via the appropriate form on the Site or via chatbot.

Legal basis: Execution of pre-contractual and contractual measures pursuant to art. 6.1(b) of the GDPR.

  1. Management and fulfillment of requests for technical assistance formulated using the appropriate form on the Site.

Legal basis: Execution of pre-contractual and contractual measures pursuant to art. 6.1(b) of the GDPR.

  1. Management and fulfillment of return requests formulated using the appropriate form on the Site.

Legal basis: Execution of pre-contractual and contractual measures pursuant to art. 6.1(b) of the GDPR.

  1. Sending communications for marketing purposes using the following means (email, sms, instant messaging, social networks, paper mail).

Legal basis: consent pursuant to art. 6.1(a) of the GDPR.

  1. Subscribe to the newsletter.

Legal basis: consent pursuant to art. 6.1(a) of the GDPR.

  1. Sending commercial information by email or paper mail regarding products and services similar to those purchased (so-called soft spam).

Legal basis: legitimate interest consisting in offering the customer services of probable interest pursuant to art. 6.1 (f) GDPR; art. 130.4, Legislative Decree 196/2003.

  1. Fulfillment of legal, accounting and tax obligations.

Legal basis: legal obligation pursuant to art. 6.1(c) of the GDPR.

  1. Prevention of fraudulent activities to the detriment of the Owner.

Legal basis: legitimate interest of the Data Controller not to suffer damages or violations of his rights and interests pursuant to art. 6.1(f) of the GDPR.

  1. Exercise of the Owner's rights before the Judicial Authority.

Legal basis: legitimate interest of the Data Controller to ensure the protection of his rights pursuant to art. 6.1(f) of the GDPR.

The provision of your personal data for purposes A), B), C), D), E), F) is mandatory. In the event of failure to provide such information, we will not be able to accept the requests you formulate (such as taking charge and/or fulfilling orders formulated through e-commerce, sending information or estimates, processing requests for assistance and made).

The provision of your personal data for purposes G), H) is optional. This consent can be revoked by you at any time, without this causing any prejudice or obstacle to the provision of the activities referred to in letters A) - F).

The provision of data for purposes I), K), L) is necessary in order to allow the Data Controller to satisfy its legitimate interest.

The provision of data for the purpose J) is mandatory in order to allow the Data Controller to comply with the regulatory obligations to which he is subject.

Personal data processed

The following types of data are processed:

  • personal information (name, surname, tax code);
  • contact details (telephone number, email address);
  • financial data (IBAN code, credit card);
  • navigation data (IP address, domain names of the computers you use, URI - Uniform Resource Identifier of the requested resources, time of the request).

If you provide data referring to third parties, any indication of such data represents a processing of personal data with respect to which you assume all the legal obligations and responsibilities envisaged by the Data Controller. In such cases, you guarantee that any data referring to third parties have been acquired by you in full compliance with current legislation.

Data retention period

The data processed for purpose A) will be kept until the account is closed for any reason (e.g. termination of the contractual relationship, request by the interested party).

The data processed for purposes B), C), D), E), F) will be kept for the time strictly necessary to process the requests or orders received.

The data processed for purposes G) and H) will be kept until you revoke your consent and in any case no later than 24 months from the date of the last contact.

The data processed for purpose I) will be kept until your possible opposition (so-called opt-out).

The data processed for the purpose J) will be kept for as long as required by the specific obligation or applicable law.

The data processed for the purpose K), L) will be kept for the time strictly necessary for the achievement of the legitimate interest by the Data Controller.

Treatment Mode

The processing takes place using automated and/or manual IT and telematic tools designed to guarantee the security measures suitable for preventing access, disclosure, loss, incorrect, illicit or unauthorized use of the data.

Access to data

The User's personal data will be processed by the internal staff of the Data Controller specifically authorized pursuant to art. 29 of the GDPR.

Personal data may also be shared with the following external parties:

  1. Internet service providers and platforms used by the Data Controller as organization tools, communication and/or promotion channels (eg Mailchimp for managing the newsletter, whose privacy policy is available at the following link);
  2. consultants and other service providers who carry out activities on behalf of the Data Controller and who need to know this information to provide these services (eg job consultant, accountant);
  3. public subjects to whom such data must be communicated compulsorily due to legal provisions or orders from the Authority.

These subjects act as independent data controllers or data processors. In the latter case, the Data Controller has entered into a specific agreement pursuant to art. 28 GDPR (Appointment as Data Processor).

The list of data processors is available by sending a request to the Data Controller at the following email address: [email protected]

Place of Data Processing

Personal data is processed at the Data Controller's headquarters, as well as on the servers hosting the Site, which are located in the EU. With regard to the data processed and stored at its headquarters, the Data Controller guarantees the adoption of adequate technical and organizational measures to guarantee an adequate level of security.

The Data Controller guarantees that when suppliers established outside the EEA are used, the processing of personal data by these subjects is carried out in compliance with the applicable law. The transfers are carried out in compliance with adequate guarantees, such as adequacy decisions, standard contractual clauses approved by the European Commission or other guarantees foreseen by the GDPR.

Rights of the interested party

The User can exercise all the rights foreseen by the articles 15-21 of the GDPR at any time and without unjustified limitations.

Requests are filed free of charge and processed by the Data Controller within 30 days of the date of receipt. In particular, the User can:

  • obtain confirmation that personal data is being processed and have access to such data;
  • obtain the rectification of inaccurate data and the integration of incomplete ones;
  • obtain the deletion of data without unjustified delay;
  • obtain the temporary limitation of the treatment;
  • obtain a copy of the personal data held by the Data Controller, in a commonly used format and readable by an automatic device;
  • obtain the unhindered transfer of this data to another Controller;
  • oppose the processing of personal data at any time;
  • with regard to the purposes of the processing that are based on consent, revoke this consent at any time.

The User can contact the Owner directly, by contacting him at the email address [email protected]

Claims

The User can always lodge a complaint with the competent Authority (Guarantor for the Protection of Personal Data), pursuant to Art. 77 of the GDPR, if he believes that the Data Controller processes his personal data in violation of the applicable legislation.

Modification

The Data Controller reserves the right to modify and update this Privacy Policy following the entry into force of any new provision of national or European law regarding the protection of personal data.