Home / Privacy Policy

Privacy Policy

Information pursuant to Art. 13 of the Regulations (EU) 2016/679 – Update of 10 January 2022

Version n.0 of the 07-01-2022

With this document ("Information") the Data Controller, as defined below, would like to inform you about the purposes and methods of processing your personal data and about the rights recognized by the Regulations (EU) 2016/679 relating to the protection of individuals, with regard to the processing of personal data as well as their free circulation ("GDPR").
This Information may be integrated by the Data Controller if any additional services requested by you were to be
involve further treatment.

HOLDER OF THE TREATMENT

BARBARA CURRADO S.R.L. based in Piazza del Duomo, 21 – 20122 Milano (MY), Italy

Phone: +39 02 72000039

Email: info@gioielleriacurrado.it


P.IVA: 12946290967

DATA PROTECTION MANAGER / DPO

BARBARA CURRADO S.R.L. based in Piazza del Duomo, 21 – 20122 Milano (MY), Italy

Phone: +39 02 72000039

Email: info@gioielleriacurrado.it

P.IVA: 12946290967


TYPES OF DATA PROCESSED

The processing activities carried out are aimed at acquiring the following personal data:


  • Cookie: Profiling cookies.
  • Behavioral data: Navigation log.
  • Common data: Personal data.
  • Economic data: Banking.


PURPOSE OF THE TREATMENT AND CONDITION THAT MAKES THE TREATMENT LAWFUL


CLIENTS – Execution of the Contract
The processing of personal data is necessary for the acquisition of information necessary for the conclusion and execution of the contract stipulated with the Data Controller.
Condition Lawfulness Treatment: Contract execution – Art. 6, c.1, let. b. GDPR


Purpose of the treatment: Execution and management of the contract stipulated with the Data Controller.
Acquisition of preliminary information to the conclusion of contracts.
Communications sent and / or received to / from customers related to the execution and / or stipulation of the contract, performed through various means of communication such as the telephone, email (email), instant messaging, paper mail.
Nature of the provision: Mandatory – Failure to provide the data will make it impossible, for the Data Controller, to perform the contract.
Personal data retention period: Personal data, employed for the execution of the contract, will be processed for the time necessary to manage the existing relationship with the Data Controller.
The information collected for the evaluation of the conclusion of the contract, in case of non-completion, will be canceled within 6 months.
Processing methods: The treatment is carried out, predominantly, with IT tools.


CLIENTS – Compliance with the law

The processing of personal data is necessary for the fulfillment of legal obligations, by community regulations and / or legislation, by supervisory / control bodies or other authorities entitled to do so.

Condition Lawfulness Treatment: Legal Obligation – Art. 6, c.1, let. c. GDPR

Purpose of the treatment:

Storage of accounting and administrative documents in paper form.

Preservation of accounting and administrative documents in digital form.

Digital storage of invoices issued / received (electronic invoicing).

Nature of the provision: Mandatory – Failure to provide the data will make it impossible, for the Data Controller, to perform the contract.

Personal data retention period: Personal data will be processed for this purpose for the time necessary for the fulfillment of legal obligations under current legislation.

In this regard, personal data will be stored for 10 years from the termination of the contract o, if later, by a binding decision issued by a competent authority, without prejudice to any storage obligations relating to particular categories of data, for longer periods of time, prescribed by the legal system.

Processing methods: The treatment is carried out, predominantly, with IT tools.


SITE – Navigation data

Obtain anonymous statistical information on use, check the correct functioning of the site, ascertainment of responsibility in the event of hypothetical computer crimes against the owner.

Condition Lawfulness Treatment: Legitimate Interest – Art. 6, c.1, let. f. GDPR

Purpose of the treatment:

Data analysis to carry out the evolution and maintenance of the website.

Assessment of responsibility in case of potential computer crimes against the site and / or the data subjects.

Statistical analysis, anonymous, on the use of the site.

Nature of the provision: Mandatory – Failure to provide the data will make it impossible for the company to provide the web service provided.

Personal data retention period: The data is kept for 30 days.

Processing methods: The treatment is performed with IT tools.


SITE – Requests from the Site

Requests made by interested parties through the website of the Data Controller.

Condition Lawfulness Treatment: Contract execution – Art. 6, c.1, let. b. GDPR

Purpose of the treatment: Sending requests via web platform tools.

Nature of the provision: Optional – Failure to provide the data will make it impossible, for the Data Controller, to respond to requests from the interested party.

Personal data retention period: Fulfillment of the request.

Processing methods: The treatment is performed with IT tools.


SITE – Use of the Service and Reserved Area

Use of the services offered through the reserved area of ​​the owner's website.

Condition Lawfulness Treatment: Contract execution – Art. 6, c.1, let. b. GDPR

Purpose of the treatment:

Registration within the reserved area.

Use of the service provided by accessing the reserved area of ​​the site.

Nature of the provision: Optional – Failure to provide the data will make it impossible, for the Data Controller, to provide services through the reserved area of ​​the site.

Personal data retention period: User cancellation.

Processing methods: The treatment is performed with IT tools.


PAGINA SOCIAL FACEBOOK

When a user uses the Page administered by the Owner, Facebook ("Social media") collects information such as the types of content viewed or interacted with, the actions performed as well as information on the devices used (IP addresses, operating system, typo in browser, language settings, cookie data).

Page Insights are aggregate statistics created by certain events recorded by Facebook servers when users interact with Pages and the content they contain.


As illustrated in the Privacy Policy (https://www.facebook.com/policy) of Facebook, Social Media also collects and uses information to provide statistical data collection services defined as Page Insights (https://www.facebook.com/business/pages/manage#page_insights) to the administrators of the pages to allow them to understand how people interact with the contents they contain.
Details on the processing methods performed by Facebook are available at the following link:
https://www.facebook.com/privacy/explanation (https://www.facebook.com/privacy/explanation)
Details on the personal data processed for Insights are available at the following link:
https://www.facebook.com/legal/terms/information_about_page_insights_data (https://www.facebook.com/legal/terms/information_about_page_insights_data)
Details on the cookies used by Facebook, are available at the following link:
https://www.facebook.com/policies/cookies/ (https://www.facebook.com/policies/cookies/)
The Data Controller as administrator of the Page and Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the treatment in accordance with the article 26 of the GDPR for the processing of such personal data recorded for events delivered through Page Insights (https://www.facebook.com/business/pages/manage#page_insights) (“Insights data”).
The joint ownership agreement (https://www.facebook.com/legal/terms/page_controller_addendum), between the Owner and Facebook, covers the creation of such events and their aggregation in Insights on the Page provided to each administrator.
The legal basis of the processing is the legitimate interest of the Data Controller, art. 6, paragraph 1, lettera f), GDPR. Therefore, it is not necessary to acquire your prior consent to the processing.
Condition Lawfulness Treatment: Legitimate Interest – Art. 6, c.1, let. f. GDPR
Purpose of the treatment: Statistical surveys relating to the use of elements contained within the Facebook page administered by the Data Controller.
Nature of the provision: Compulsory – Failure to provide the requested data will make it impossible for the Owner to provide services through the page published on Facebook.
Personal data retention period: The data collected will be processed for the time strictly for the realization of the purposes described above as specified in the
Facebook policy described above.
Processing methods: The treatment is carried out by computerized means by the Facebook co-owner

DATA TRANSFER EXTRA UE

Personal data are processed exclusively within the European Union.


RIGHTS OF THE INTERESTED PARTY – COMPLAINT TO THE SUPERVISORY AUTHORITY

In relation to the treatments described in this Notice, as an interested party you can, under the conditions provided for by the GDPR, exercise the rights enshrined in articles from 15 a 22 of the GDPR and, in particular, the following rights:
right of access - article 15 GDPR: the right to obtain confirmation as to whether or not personal data concerning you are being processed e, then, obtain access to your personal data; right of rectification - article 16 GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data; right to cancellation (right to be forgotten) - item 17 GDPR: right to obtain, without undue delay, the deletion of personal data concerning you. The right to cancellation does not apply to the extent that the processing is necessary for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest or for the assessment, the exercise or defense of a right in court.
Right to limitation of treatment - article 18 GDPR: right to obtain the limitation of the treatment, When:

a) the interested party disputes the accuracy of the personal data;

b) the processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited ;

c) personal data are necessary for the data subject to ascertain, the exercise or defense of a right in court;

d) the interested party opposed the processing pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
Right to data portability - article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another Data Controller without impediments, if the processing is based on consent and is carried out by automated means. Moreover, the right to obtain that your personal data be transmitted directly from this holder to another holder if this is technically feasible; right to object - article 21 GDPR: right to object, at any time, to the processing of personal data concerning you based on the condition of legitimacy of legitimate interest, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing that prevail over interests, on the rights and freedoms of the interested party or for the assessment, the exercise or defense of a right in court.
Right not to be subjected to automated decision making - article 22 GDPR: the interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way, unless this is necessary for the conclusion or execution of a contract or you have given your consent.

In any case, an automated decision-making process cannot concern your personal data and you may at any time obtain human intervention from the data controller, express their opinion and contest the decision.
Right to lodge a complaint with the Guarantor Authority for the protection of personal data: http://www.garanteprivacy.it (http://www.garanteprivacy.it); revoke the consent given on every occasion and with the same ease with which it was provided without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
The above rights can be exercised, towards the Owner, by contacting the references indicated above.
The exercise of your rights as an interested party is free pursuant to the article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, also for their repetitiveness, the Owner may charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.
We inform you, in the end, that the Data Controller may request additional information necessary to confirm the identity of the interested party.

 

Write to us directly

    Open chat
    1
    Good morning,
    in this chat can talk live with our staff, for any information.