INFORMATION ON THE PROCESSING OF PERSONAL DATA
As foreseen in the European Union Regulation no. 679/2016 (hereafter "GDPR") and in particular to the art. 13, below we provide the information required by law concerning the processing of your personal data. Note for minors: If you are 16 or under, please obtain permission from the parent / guardian before providing your personal information. The website www.naturalshoes.it (hereafter the "Site") is owned and managed by Naturalshoes srl, with registered office in Rome, Italy, Via della Lungaretta, 94, (hereinafter referred to as "Naturalshoes"). Naturalshoes srl complies with the applicable data protection laws and constantly strives to improve the protection of its customers.
1. HOLDER OF THE TREATMENT
Holder of the processing of the personal data is subordinated to the art. 26 GDPR - European Regulations on Privacy: - Naturalshoes srl, with registered office in Rome, Italy, Via della Lungaretta, 94, Tax Code / VAT number 11900051001; pec: firstname.lastname@example.org.
2. WHAT ARE THE PERSONAL DATA?
Personal data is identifiable natural person, such as name, surname, gender, e-mail address, telephone number, date of birth, postal address.
3. WHAT PERSONAL DATA ARE TREATED?
3.1 Date entered by
the user If the user creates his own personal account, we process the personal data thus provided, in particular the data as defined in section 2.
3.2 Navigation data
The computer systems and the software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet communication protocols. This is information that can not be associated with interested parties, but which by their very nature, This category of data includes IP addresses or domain names of computers used by Users, Uniform Resource Identifier (URI) addresses notation of the requested resources, the time of the request, the method used in submitting the request to the server, the file size received in response,the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user's computer environment. To be used as an aggregate form, for the sole purpose of obtaining processing. Crimes against the site.To be used as an aggregate form, for the sole purpose of obtaining processing. Crimes against the site. To be used as an aggregate form, for the sole purpose of obtaining processing.Crimes against the site.
4. WHEN DO WE TREAT YOUR DATA?
4.1 Stipulation of contracts
We process your personal data when you create your personal user account, when you order products through our website or when you subscribe to our newsletter. Unless otherwise specified in the following provisions, the legal basis for this processing of data is Article 6 paragraph 1 b) and a) GDPR (execution of a contract and consent).
5. PURPOSE OF DATA PROCESSING
To make purchases on our site you need to create a personal account (hereinafter "user account"). You can store personal information in the user account and facilitate purchases in our online store. To create a personal user account you need your personal data, name and surname and, depending on the case, your address and telephone number. In addition, users must provide their e-mail address and a password of their choice. The e-mail address provided by users also acts as login data for the user account. In addition, users can store their personal data within the user account and then conveniently buy in the online store. The information can be updated at any time in the personal area of the user account ("
5.2. Order processing in our online shop
With regard to the order of products in our online store, the processing of personal data is intended to allow and optimize order fulfillment, including payment and delivery. When the payment is made by credit card, we receive the payment ID and the last four digits of the credit card number of our payment service provider. We need it for authentication and allocation of your order and therefore for your security. The personal data required for payment are collected directly by the payment service provider. The legal basis for the aforementioned data processing is the article.6 paragraph 1 b) GDPR (execution of a contract) and Article 6 paragraph 1 f) GDPR (legitimate interest, based on our interest in offering you a secure payment option with a credit card). Among other things, we also check all previous orders made from your client account. The system also checks whether the delivery address is different from the billing address, whether it is a new delivery address or if the order is to be delivered to an intermediate center. After choosing the payment service provider, you will be asked for the data necessary to use this service. This payment information is forwarded directly to the respective payment service provider and is not archived by Naturalshoes. If you create an account, your billing and delivery address data will be saved on your site in your user account so you do not need to enter them the next time you make a purchase. You can change this information at any time by logging into your account. The personal data processed included for the management of the orders will be kept for 10 years as required by tax regulations.
5.3 Communications by e-mail when an account is registered
When a user signs up for our site, the system automatically sends an e-mail confirmation on the box used by the user for registration.
5.4 Communications by e-mail when an order is placed
Following the conclusion of the purchase contract, the system will automatically send the user some emails to update the user on the order processing status. Emails are sent to the box indicated by the user during registration or to the email box indicated when completing the order in the case of purchases without registering an account. The emails sent are personalized based on the type of payment chosen and contain information related to payment, order preparation, shipping, etc. The cycle of automated e-mails ends with the sending of a last e-mail following the delivery in which the user is offered the possibility of providing a
We offer all users of our community (users of www.naturalshoes.it) the opportunity to receive our newsletter. To activate it, the user can register with his e-mail address on the appropriate page. The user can withdraw his consent at any time and without indicating the reasons. The easiest way to do this is to click on the "Unsubscribe" link found in each newsletter. The Newsletter may also contain advertising banners, advertisements and advertising offers. The legal basis for this process is Article 6 (1) a) GDPR (consent).
5.6 Contact via contact form
If you send us information requests using the contact form, we will process the information you provide, including your contact details, in order to process your request. In case of subsequent requests, this additional data will also be stored. The legal basis is Article 6.1 b) GDPR (fulfillment of the contract - the processing of user data is necessary for the fulfillment of the contract to answer questions or requests) and Article 6 paragraph 1 f) GDPR (interests balancing - based on our interest in processing user requests for our website). As Data Controller, Naturalshoes informs that the personal data of Users, subject to their consent, may be processed by Naturalshoes for the following purposes: a) sending information, promotional and advertising material relating to the Naturalshoes brands (for example, but not limited to: sending newsletters, promotions, etc.); b) to develop studies and statistical research; c) collect data and information in a general and particular way on consumer guidelines and preferences and process them by electronic means to identify the products that may be of interest to them, in order to send them promotional communications expressly addressed to these products (cd profiling).
6. METHOD AND PLACE OF TREATMENT
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The database is accessible only by authorized parties using methods that guarantee protection and confidentiality, thanks to the adoption of security measures designed to prevent data loss, illicit or incorrect use and unauthorized access. Despite all the measures taken to safeguard your information, we can not guarantee, at the state of technology, that unauthorized access or abuse of services by third parties can be ruled out.
DATA PROCESSING PLACE
The processing related to the Services of this Site takes place at the headquarters of the Data Controller and is only handled by technical staff of the owner appointed for this purpose in the capacity of charge, or by persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated. The personal data provided by Users who submit requests for membership to the Services are used only to perform the service or provision requested and are communicated to third parties only if this is necessary for that purpose. In its capacity as data controller, Naturalshoes may proceed directly or through any external processors indicated on the Site,
7. APPLICATION TO EXTERNAL SUPPLIERS OF SERVICES - RESPONSIBLE
For the operation of our website, we provide external providers of data processing services (for example, order submission, software newsletters, calculation centers). If necessary, these service providers also process personal data. Service providers are carefully selected and monitored by us. The data is processed exclusively in accordance with our instructions and is also bound by this data protection declaration. Only in the presence of an express authorization by the User, Naturalshoes proceeds to use its data for the same activities referred to in the previous point with the aid of automated tools without the intervention of an operator and / or for the other purposes from time to time authorized by the User. The updated list of all data processors is available at each of the Data Controller's offices and can be requested at the following e-mail address: email@example.com. This list can then be integrated and / or updated as needed.
8. STORAGE PERIOD
Personal data will be kept only for the time necessary to achieve the purposes indicated here or as required by law (civil, fiscal and tax obligations in force). The data entered by you pursuant to section 3.1 will therefore be deleted no later than 10 years after the expiry of any retention periods provided for by commercial and tax law. Data recorded automatically, as defined in section 3.2, will therefore be deleted or made anonymous after 24 months.
9. YOUR RIGHTS
As interested, in accordance with articles 15-21 of the GDPR you have the right to:
- obtain confirmation of the processing of your personal data;
- access your personal data and know its origin (when the data are not obtained by you directly), the purposes and purposes of the processing, the data of the subjects to whom they are communicated, the retention period of your data or useful criteria to determine it;
- obtain the updating and correction of your personal data so that they are always accurate and accurate;
- obtain cancellation, in the cases provided for by art. 17 of the GDPR, of your personal data or request the limitation of the treatment;
- obtain a copy of your personal data. You can therefore know what are your personal data in our possession, their origin and how they are used, request the updating, correction or integration and, in the cases provided for by the provisions in force, the cancellation, the limitation of treatment or oppose to their treatment.
If you wish, you can request to receive personal data in our possession that concern you in a format readable by electronic devices and, where technically possible, we can transfer your data directly to a third party indicated by you. Any requests will be processed no later than one month after receipt, subject to the possibility of extending this deadline for a further two months, if necessary, taking into account the complexity and the number of requests received from the Data Controller.