PRIVACY POLICY

In compliance with what is established by Articles 13 and 14 of EU Regulation no. 2016/679 (GDPR), this website respects and protects the confidentiality of visitors and users, making every effort possible and proportionate so as not to damage users’ rights. The following information is intended for all those who visit and interact with this e-commerce site of SMAPP SpA on which it is possible to purchase products online (web Store). This Privacy Policy is intended for:

 Data Controller

The Data Controller, being the legal person that determines the purposes and means of processing personal data, is SMAPP Spa, with registered office in Trezzano S/N (MI), Via Circonvallazione 7, 20090 in the person of its legal representative Luigi Pasini. For the Facebook page, SMAPP Spa is the Co-Data statistical Controller jointly with Facebook Ireland Limited (“Facebook Ireland”).

Data collection methods

This website has two methods of collecting users’ data.

 Data provided voluntarily

The website can collect other data in case of voluntary use of services by users, such as communication services (contacts and Work with Us forms), and will be used exclusively to provide the requested service:

  • name, surname, address, telephone number, date of birth, profession, tax identification number, VAT number
  • invoicing data
  • credit card or other means of payment data (e.g. IBAN in case of bank transfer)
  • e-mail address.

 Automated data collection

The following information can be collected when users are browsing, which is stored in the server log files (hosting) of the site:

  • internet protocol address (IP);
  • type of browser;
  • parameters of the device used to connect to the site;
  • name of the internet service provider (ISP);
  • date and time of visit;
  • visitor’s web page (referral) and exit page;
  • the number of clicks where relevant.

This data is used for statistical and analysis purposes, in an exclusively aggregated and anonymous manner and to check the correct operation of the site, to identify anomalies and/or misuse and is deleted immediately after processing. The data may be used to ascertain the liability in the event of hypothetical computer crimes to damage the site or third parties.

Cookies

Cookies consist of portions of code installed within the browser that assist the Controller in providing the service based on the purposes described. Some of the purposes of installing cookies may also require the User’s consent. For further details on the type of cookies and the consent related to them, the User is invited to read the website Cookie Policy.

 Processing purposes, type of data collected, legal basis of the processing, data retainment period

#PROCESSING PURPOSESTYPE OF DATA COLLECTEDLEGAL BASIS OF THE PROCESSINGDATA RETAINMENT PERIOD
1
  • allow browsing on the website and on the social media pages mentioned in this privacy policy, including the security management of the Website

  • allow browsing on the website and on the social media pages mentioned in this privacy policy, including the security management of the Website• interaction with social networks

  • allow the registration to the Store and the use of services reserved for registered users, including the possibility of buying online through the Store

  • manage orders and carry out related activities (e.g.: customer sales and after-sales assistance, communications with the customer on the order status, responses to their requests for information, management of shipments, payments etc.); management of user account

  • internet protocol address (IP);

  • type of browser;

  • parameters of the device used to connect to the site;

  • name of the internet service provider (ISP);

  • date and time of visit;

  • visitor’s web page (referral) and exit page;

  • the number of clicks where relevant.

  • payment data: bank details, card number etc.

  • follow up specific user requests (e.g. specific information request through the “contact” form or using the e-mail entered on the website)

Article 6.1., letter b of European Regulation: processing is necessary for the execution of a contract of which the data subject is a part

Contract duration and, after termination, for the ordinary limitation period of 10 years. In the case of litigation, for the entire duration of it, until the terms of enforceability of the appeal actions are exhausted. The payment data may only be kept for the time necessary to complete the payment transaction

2

Fulfill obligations under applicable regulations and national and supranational legislation

Personal data, contact details, administrative-accounting data

Article 6.1., letter c of European Regulation: processing is necessary to fulfil a legal obligation to which the Data Controller is subject del processing

10 years

3

If necessary, to ascertain, exercise or defend the rights of joint Controllers in court

Personal data, contact details, administrative-accounting data

Article 6.1., letter f of European Regulation: Legitimate interests of the Controller

10 years

4

Submit newsletter

Contact details: e-mail, name

Article 6.1., letter b of European Regulation: processing is necessary for the execution of a contract of which you are a part

10 years

5

Profiling: analysis of your preferences, processing of your personal data, as well as consumption habits, interests, behavior, market studies and statistical analysis in fully or partially automated manners, in order to offer you the best offers conforming to your personal needs and carrying out targeted promotion actions. These profiling activities can be entrusted to external companies named External Data Processors.

Personal data, contact details, data relating to orders placed, administrative-accounting data, data collected from the cookies installed by the Sites

Article 6.1., letter a of European Regulation: Consent

Until the withdrawal of the consent and/or the request to obtain the cessation of the processing. In any case, profiling activities will take into consideration only the data recorded in the last 12 months.

6

Direct marketing: sending, with automated contact methods (such as SMS and e-mail) and traditional (such as telephone calls with operator, paper mail), promotional and commercial communications relating to products offered by SMAPP SpA also through the use of results of the analysis and segmentation activities if you have also given consent to the profiling activity.

Personal data, contact details, data relating to orders placed, administrative-accounting data, data collected from the cookies installed by the Sites and on social networks

Article 6.1., letter a of European Regulation: Consent

Until the withdrawal of the consent and/or the request to obtain the cessation of the processing. If you have consented to the profiling of this Information, the marketing activities, based on profiling, will take into consideration only the data recorded in the last 24 months.

7

Analysis of website usage using Google Analytics with anonymized IP

Date of usage, cookies

Article 6.1. letter f of European Regulation: Legitimate interest of the Controller

session

8

Remarketing and Behavioural Targeting

Date of usage, cookies

Article 6.1., letter a of European Regulation: Consent

session

 

Statistics, Remarketing and Behavioral Targeting

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files stored on the user’s computer allowing analysis on the use that the user has made of the website. The information produced by cookies on the use of this website will be transmitted to and stored on a Google server in the United States. This website uses Google Analytics with the extension “_anonymizeIp ()”. Consequently, IP addresses are processed only in abbreviated form to prevent direct connection to an individual. In case of IP anonymization activated on this website, your IP address will however be abbreviated in advance in the member states of the European Union or in other states acceded to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States where it will be abbreviated. Google will use this information on behalf of the operator of this website to analyze the use of the website, compile reports on website activity and perform additional services relating to the use of the website and the Internet for the website operator.

These services allow our website to communicate, optimize and serve advertisements based on the past use of the site by the User. This activity is carried out through the tracking of the Usage data and Cookies – this information is transferred to the partners to whom the remarketing and behavioral targeting activity is connected.

AdWords Remarketing (Google Inc.)

AdWords Remarketing is a Remarketing and Behavioral Targeting service provided by Google that connects the activity of our site with the AdWords advertising network and the DoubleClick Cookie. This type of service allows this site and its partners to communicate, optimize and serve advertisements based on the past use of the site by the User. This activity is carried out through the tracking of the Usage data and Cookies – this information is transferred to the partners to whom the remarketing and behavioral targeting activity is connected. Place of processing: USA – Privacy PolicyOpt-Out

Facebook Remarketing (Facebook, Inc.)

Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of our site with the Facebook advertising network. Place of processing USA – Privacy PolicyOpt Out

HotJar

This website uses Hotjar to better understand our users needs and to optimize the level of service provided. Through the use of Hotjar we can have a better understanding of users behaviour on salumipasini.com website (i.e. how much time they are spending on a page, which are the most clicked link, which are the area of higher interest, etc..). Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar is storing all the information with unidentified profiles. None of the collected information can be tracked or used from Hotjar nor SMAPP Spa to identify users. Finally, none of these information can be matched with any other single user information.

Place of processing: Ireland, Amazon Web Services Infrastructure – Privacy Policy

Tidio Chat Widgets

The Tidio Live Chat Widget is an interactive service of Tidio live chat platform, provided by Tidio Ltd. This type of service allows you to interact with the live chat tool, managed by the external provider, directly from the pages of this website. This allows the User to contact the support service of this website while navigating the website. When a live chat interactive tool is installed, it might collect information about Website pages statistics, even if Users are not using its service. Live chat conversations may be recorded, following the tool’s privacy policy.
Personal Data collected: Cookies, Usage Data provided by users while using the service. Place of processing: USA – Privacy Policy

Payment management

Payment management services allow this Website to process payments by credit card, bank transfer or other means. The data used for payment is acquired directly by the operator of the requested payment service without it being processed in any way by this Website. Some of these services may also allow the scheduled sending of messages to the User, such as e-mails containing invoices or payment notifications.

PayPal

PayPal is a payment service provided by PayPal Inc., which allows the User to make online payments using their PayPal credentials. Personal Data processed: various types of Data according to what is specified by the privacy policy of the service. Place of processing: Please refer to the privacy policy of PayPal – Privacy Policy

Stripe (Stripe Inc)

Stripe is a payment service provided by Stripe Inc., which allows the User to make online payments using their credentials and payment details. Personal Data processed: various types of Data according to what is specified by the privacy policy of the service. Place of processing: USA – Privacy Policy

Interaction with social networks and external platforms

So-called social plug-ins are used on our website, which are special tools that allow the features of social networks to be incorporated directly into the website. Plug-ins of the following social networks are on our website:

  • Facebook
  • Twitter
  • Instagram
  • Pinterest

The presence of these plug-ins involves the transmission of cookies to and from sites managed by third parties. The interactions and information acquired from this site are in any case subject to the user’s privacy settings relating to each social network. So, when the Salumi Pasini page is visited on social networks, they collect data through cookies even if the user has not logged in or is not registered on social media. SMAPP Spa is not aware of the data collected by social networks; it does not obtain full access to such collected data or to any user profile but can only access the information of its “public” profile. The information shared by the user as “public” can be modified by them through their personal Social settings. The only implemented cookies are those of Facebook and Google. SMAPP Spa receives anonymous statistics from Social networks based on the legitimate interest in using its page. The following anonymous information may be provided: followers, advertising performance, range (number of people who view specific content), demography. These statistics are used to constantly improve our online content on social media and to better respond to the interests of our users. We cannot link statistical data with the profiles of our fans or individual users.

The management of the information collected by “third parties” is governed by the relevant privacy policy to which reference should be made. To ensure greater transparency and convenience, below are the privacy policy addresses and the methods for managing cookies:

Facebook privacy policy: https://www.facebook.com/help/cookies/
Twitter privacy policy: https://support.twitter.com/articles/20170514
Instagram privacy policy: https://instagram.com/legal/cookies/
Pinterest privacy policy: https://about.pinterest.com/en/privacy-policy
LinkedIn information: http://it.linkedin.com/legal/cookie-policy

Disabling Third-party Cookies

As an alternative to the above (Google and Facebook opt-out), you can disable the use of cookies by a third-party provider by visiting the Network Advertising Initiative opt-out page

Nature of the data collection and possible consequences of not providing it

The provision of personal data is optional, but necessary so that the user can register on the site and place orders. Therefore, failure to provide data such as name and surname, business name, address, e-mail, telephone number, will not allow us to complete the online purchase and process orders, from taking charge until shipment to the Customer. Furthermore, if you choose a credit card as a payment method, you will be asked for data relating to the credit card you intend to use. This data will in no way be processed by us, but only by the payment service provider. A part of this data, such as the e-mail and telephone number can be used, prior to consent, for further activities as specified in the “Processing purposes” paragraph. Therefore, if consent is not provided, the User will not be able to use additional services (e.g.  newsletter sending) and the data will not be used for such purposes.

Data retainment period

Data retainment is carried out in compliance with the times indicated in the table above. The personal data will be deleted at the end of the retainment period. Therefore, when this term has expired, the right to access, deletion, rectification and the right to the portability of the data, can no longer be exercised.

Processing methods

Personal data processing will be mainly carried out with the aid of electronic or automated means, in the manners and with the appropriate tools to ensure data security and confidentiality. Specifically, all technical, IT, organizational, logistical and procedural security measures will be adopted, so the minimum level of data protection required by law is guaranteed, allowing access only to people in charge of processing by the Controller or the Processors appointed by the Controller. The information acquired and the processing methods will be relevant and not excessive regarding the type of services provided.

Data Communication and Dissemination

The data provided will not be disseminated in any way but may be communicated to subjects operating under the direct authorization of the Controller. Data is specifically communicated:

  • to company staff to carry out administrative/accounting/commercial activities
  • to third parties carefully selected for reliability and competence that act on the basis of contractual agreements and specific instructions (e.g.: web masters, companies that manage marketing activities, newsletter sending, companies that are entrusted with profiling, companies that provide support in carrying out market studies, companies that manage payment services, hosting providers, etc.). These subjects are appointed as External Processors, if needed. The updated list of the subjects can always be requested to the Data Controller.

Your data may be processed by third parties to whom the data is communicated if you give explicit consent. In any other case, except for what is provided by applicable law, personal data will not be disseminated.

Processing location and data transfer to third countries

Data is processed at the headquarters of the Data Controller and at Netsons Web Hosting data centre. The web hosting is the Data Processor that processes data on behalf of the Controller. Netsons has cloud servers located in the European Economic Area and acts in compliance with European standards. With regard to the processing purposes relating to the newsletter sending, data may be transmitted abroad and processed by third parties, also established in the area of the countries outside the European Economic Area, such as the United States of America. Please note that data protection laws and their laws of other countries outside the European Economic Area to which data may be transferred, may provide a lower level of protection than that of the country of residence of the data subject. The Data Controller will use appropriate precautions in these cases, in accordance with applicable law, to ensure that the data subject’s personal data remains protected. These measures also include the use of the standard contractual clauses to protect the transfer of data outside the European Economic Area.

Minors

This Website and the Services of the Controller are not intended for minors under 18 years of age and the Controller does not intentionally collect personal information related to minors. Should any information on minors be unintentionally recorded, the Controller will delete it in a timely manner, upon request of the users.

Rights of the data subject

Pursuant to Articles 15-22 of the GDPR no. 2016/679, you may exercise at any time the right to:

  • access the data;
  • request confirmation of the existence or not of your data;
  • obtain the rectification and deletion of data;
  • oppose processing;
  • obtain processing limitation;
  • obtain data portability;
  • lodge a complaint to the supervisory authority (Data Protection Authority).

To enforce the rights of the data subject and/or to request further information, you may contact the Data Controller, sending a registered letter with notification of receipt to SMAPP Spa, Trezzano S/N (MI), Via Circonvallazione 7, 20090 or by sending a communication to the following contacts: Fax. +39 02 48400502 e-mail: [email protected].

Data security

Your personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which it was collected and in compliance with the principle of necessity and proportionality, avoiding to process personal data if the operations can be performed using anonymous data or by other means. We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorized access, but please do not forget that it is essential for the security of your data that your device is equipped with tools such as a constantly updated antivirus and that the provider of the Internet connection guarantees the secure transmission of data through firewalls, anti-spam filters and similar devices.

Changes to the document

The Data Controller reserves the right to make changes to this Privacy Policy, at any time, by notifying Users on this page. We would therefore like Users to consult this page frequently, using the date of the last change indicated at the bottom as a reference. When there are any updates or changes to this document, Users will be placed in a position to understand and evaluate the changes made by comparing the various versions of the information that may occur over time, as the previous versions of the document can still be consulted by Users on the website. In the event of non-acceptance of the changes made to this privacy policy, the User is required to stop using this website and request the Data Controller to delete his/her personal data by sending a specific communication to the previously indicated addresses. Unless otherwise specified, this Privacy Policy will continue to apply to personal data collected up to that moment.

Should you express your consent to receive Newsletters through your account registration on the website, you are declearing that you have read and accepted the terms and conditions of the Newsletter Privacy Policy  

* * * 

Last update 25.11.20

X