PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA

(PRIVACY POLICY)

 

Dear User,

below you will find all the information required by Article 13 of the European Data Protection Regulation (EU Reg. 2016/679 - henceforth, GDPR), on the processing of personal data carried out through this site. Therefore, it will be made clear to you what data is collected, how it is used, transferred, communicated and stored by the site, and what rights you can exercise.

 

WHO IS THE DATA CONTROLLER OF PERSONAL DATA?

The GDPR defines Data Controlleras "the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and the means of the processing of personal data."

The Data Controller is, therefore, the one who decides "why" and "how" data should be processed, without receiving instructions from others.

The Data Controller of this site is the Company Trade Lux Italia S.r.l., located at Via Bagutta 13, 20121 Milano, Italy P.IVA 06700101212.

If you have any questions regarding this policy, you may write following e-mail address: customercare@tluxy.it

 

WHAT PERSONAL DATA DOES THIS SITE COLLECT?

The personal data collected by this site, either independently or through third parties, are:

1. (a) browsing data. To this type of data belong, by way of example, IP addresses, browsing times, geographical data and other parameters relating to the User's operating system and computer environment. These data are necessary for the use of the services described in this site by Users and are collected, with automatic methods, in order to obtain statistical information on the use of the services themselves (most visited pages, number of visitors per time slot or daily, geographical areas of origin, etc.), as well as the proper functioning and security of the site. Such information, which in itself does not identify the User, could nevertheless allow the User's identity to be traced, including through processing and/or association with other data, held by this site or by third parties. Unless they prove necessary for the investigation of crimes by the judicial authorities or for defense in court, navigation data are deleted after sixty days of their collection.
2. b) data provided by the User, including data entered by filling out the form on the site, found in the "Add to cart" section, and the newsletter, i.e. personal data, residence/domicile and e-mail addresses, cell phone numbers. In cases where this site indicates some of these data as optional, the User is free to refrain from communicating them, without this having any consequence on the availability or operation of the service(s). The User assumes responsibility for the Personal Data of third parties obtained, published or shared through fattoincasadabenedetta.it and guarantees that he/she has the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.
3. (c) data collected through cookies and related technologies

This site also collects personal data through so-called cookies. For more information about the use of cookies and other tracking tools both by the site and by third-party service owners used by the site, click here.

 

FOR WHAT PURPOSES ARE PERSONAL DATA COLLECTED?

1. To enable the Owner to provide its Services.

In order to proceed with the purchase, the User, when completing the relevant form, gives the following personal data: first name (optional), last name, company (optional), email, cell phone, shipping address 1 and shipping address 2 and billing address, tax code (optional).

2. To send the User commercial and promotional information through the newsletter.

Through the subscription to the Newsletter service, present on the Homepage of the site, and at the bottom of the "Recapitals" section of the purchase form, the data provided by the User (first name, last name, email) may be used to transmit messages containing information of a commercial and promotional nature, relating to this Site. The processing of personal data for such purposes may take place only if the User expresses consent, by ticking the box provided for this purpose,* consent which may be revoked by the same, automatically, without cost and at any time, by clicking on the appropriate link - "UNSCRIBE" - present in the banner placed at the bottom of all commercial and advertising communications sent by this Site. Data processing related to the sending of the newsletter takes place through the marketing automation platform and on the servers used by Shopify, based in both Europe and Canada ("If you are located in Europe, the United Kingdom or Switzerland, your personal information is controlled by our Irish subsidiary, Shopify International Ltd....When we send your personal information outside of Europe, we do so in accordance with European law"), which holds the role of data controller(ex art. 28 GDPR). You can view Shopify's privacy policy, here.

3. For purposes ofcommunicating personal data to third parties for their direct marketing.

Upon the express, and free consent of the User, the User's personal data (first name, last name, address, city, size, gender), may be shared by the Data Controller with its business partners(Resellify) in order to take advantage of the services offered by the latter. The legal basis for the processing of personal data for these purposes is established by Article 6, par. 1, lett. a of the GDPR as it is a processing whose lawfulness depends on the consent expressly, freely and unequivocally given by the data subject.

4. To contact the User.

The User who intends to contact the Owner for any request or information on the products offered, is invited to click on the "Contact Us" section at the bottom of the Homepage of this site, from which he/she will be redirected to fill in the dedicated form, with his/her own Data (first name, last name, email, telephone number). The "Contact Us" section is also present in the selection pages of each product, where there is also the possibility of using the instant messaging platform Whatsapp. For data processing, the User should refer to the privacy policy that can be consulted here. The legal basis for the processing of personal data for these purposes is established in Article 6(1)(b) of the GDPR (execution of a contract or pre-contractual measures) as the data provided is necessary for the response to the requests of the data subject and does not require his/her consent.

5. To share products on their social channels.

At the bottom of each product description, the User can share a selected product on their social channels, Facebook, Twitter, and Pinterest. This is done by requesting an e-mail address in order to access their social account.

6. To comply with obligations under applicable laws, regulations or EU legislation, or fulfill requests from the Authorities.

The legal basis for the processing of personal data for this purpose is established by Article 6 para. 1 lit. c) of the GDPR ("the processing is necessary for compliance with a legal obligation to which the controller is subject").

7. For trial defense.

The User's Personal Data may be used by the Owner in legal proceedings or in the preparatory stages of its possible establishment for the defense against abuse by the same User, in the use of the website or related services.

The User assumes responsibility for third party Personal Data obtained, published, or shared through this site and warrants that he or she has the right to communicate or disseminate it, releasing the Owner from any liability to third parties.

 

LINKS TO THIRD-PARTY SITES AND SOCIAL PLUGINS

These services allow for interactions with social networks, or other external platforms, directly from the pages of this Site.

The Owner does not control and has no way of supervising either the content or the policies on the processing of personal data of third-party websites and services accessible through links contained within the Site, including any social plug-ins. The Owner cannot, therefore, under any circumstances be held responsible for the processing carried out through or in relation to such third-party sites. Users are, therefore, invited to read the privacy and cookie policy, as well as the terms of service published on such sites.

Interaction with Social Networks

In the event that a social network interaction service is installed, it is possible that, even if Users do not use the service, it will collect traffic data related to the pages where it is installed.

Facebook Widget (Meta Platforms, Inc.).

The Facebook widget and "follow" button are social network interaction services with Facebook, provided by Meta Platforms, Inc.

Personal data collected: Cookies and Usage data.

Place of processing: USA - Privacy Policy

Pinterest Widget (Pinterest, Inc.)

The Pinterest widget and "follow" button is an interaction service with the social network Pinterest, provided by Pinterest, Inc.

Personal data collected: Cookies and Usage data.

Place of processing: USA - Privacy Policy

Twitter Widget (Twitter, Inc.)

The Twitter widget and "follow" button are social network interaction services. Provided by Twitter INC.

Personal data collected: Cookies and Usage data.

Place of processing: USA - Privacy Policy

 

PAYMENT MANAGEMENT

The data used for payment processing services by credit card, bank transfer or other means are acquired directly from the operator of the requested payment service without being processed in any way by this Site.

Some of these services may also allow the scheduled sending of messages to the User, such as e- mails containing invoices or notifications regarding payment.

ShopPay

is a Shopify service that enables quick check-out for customers by saving e-mail address, credit card, and shipping and billing information.

Personal Data Collected: Various types of Data as specified by the service's privacy policy, which can be found here.

Paypal

offers digital payment and money transfer services via the Internet.

Personal Data Collected: Various types of Data as specified by the service's privacy policy, which can be found here.

GPay

It is a digital wallet system developed by Google that allows people to make online purchases and pay directly with their smartphones at any point of sale equipped with contactless/NFC technology.

Personal Data Collected: Various types of Data as specified by the service's privacy policy, which can be found here.

Scalapay

Scalapay is a payment service provided by Scalapay SRL, which allows the User to make payments in No. 3 installments, without interest, using their Scalapay credentials.

Personal Data Collected: Various types of Data as specified by the service's privacy policy, which can be found here.

 

WITH WHOM CAN THE DATA BE SHARED?

For the processing purposes described of this policy, personal data may be shared with:

- persons authorized (ex art. 29 of the GDPR) by the Data Controller for the processing of personal data necessary to carry out activities strictly related to the provision of the services of this site, who have committed themselves to confidentiality or otherwise have an appropriate legal obligation of confidentiality;

- the so-called. Data Processors/sub-Processors (ex art. 28 GDPR), i.e. individuals and companies, who cooperate with the Controller for the pursuit of the aforementioned purposes, including those who offer the server space of this site, manage it, those who are delegated to carry out technical maintenance activities of computer networks, to manage sales operations and/or to carry out activities of necessary support to the services provided through this site;

- Subjects, entities or authorities for which it is mandatory to communicate personal data by virtue of legal provisions or orders of the Authorities.

The Personal Data Processors/sub-processors, as well as the Authorized Persons, are all appointed by formal deed and indicated in the appropriate list. The User may request more detailed information by contacting the Controller at the e-mail address customercare@tluxy.it.

  

HOW LONG WILL PERSONAL DATA BE KEPT?

Data are processed and stored for the time required by the purposes for which they were collected. The personal data provided for the provision of the services offered by this site will be kept for the period of time necessary for the provision of the same, within the timeframes provided for and allowed by Italian law to protect its interests (and in any case not beyond the terms of Articles 2946 c.c. et seq. - prescription).

Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until that interest is satisfied.

If the User has subscribed to the newsletter, the data so provided will be retained until he/she requests cancellation from the service, via the "UNSCRIBE" link at the bottom of each communication.

If the User has also given consent to direct marketing activities, personal data will be retained for a period not exceeding two years after they are provided.

In general, all data processed on the basis of the User's consent are retained until that consent is revoked. The Controller may, however, be obliged to retain personal data for a longer period in compliance with a legal obligation or by order of an Authority.

At the end of the retention period, the Personal Data will be deleted. Therefore, at the expiration of this period, the right of access, deletion, rectification and the right to Data portability can no longer be exercised.

More information regarding the data retention period and the criteria used to determine this period can be requested by emailing the Data Controller at customercare@tluxy.it.

 

WHERE ARE THE DATA PROCESSED?

Personal data collected through this site are processed at the operational headquarters of the Data Controller and in any other place where the persons involved in the processing, authorized or responsible/sub-processors, are located. The transfer of Users' personal data outside the EU, which would be necessary for the provision of the services/products of this site, takes place exclusively to non-EU countries that ensure adequate levels of protection in accordance with current privacy legislation. For further information, the User is encouraged to contact the Data Controller.

 

HOW IS THE DATA PROCESSED AND PROTECTED?

The data are collected in accordance with the principle of minimization of the data processed (only the data strictly necessary to provide the services requested or achieve the other purposes specified here in point 5 are acquired). The processing of personal data by the Company is carried out using manual, computerized and telematic tools with logics strictly related to the aforementioned purposes. Processing operations are carried out in such a way as to ensure the security of the data and systems. Adequate security measures are adopted in order to minimize the risks of destruction or loss, even accidental, of the data themselves, of unauthorized access, of unauthorized processing or processing that does not comply with the purposes indicated in this information sheet. The security measures adopted, however, do not allow to exclude, absolutely, the risks of interception or compromise of personal data transmitted by telematic means. It is therefore recommended that the User verify that his/her device (Pc, smartphone, tablet etc.) is equipped with software systems adequate to protect the telematic transmission of data, both incoming and outgoing (such as, for example, updated antivirus systems, firewalls and spam filters).

 

UNDER 18 YEARS OF AGE.

To use the services of this site, you must be at least 18 years old. Failing this, any personal information provided by the minor, without parental consent, will be immediately deleted, releasing the Owner from any liability, claim, and/or compensation.

 

WHAT ARE THE USER'S RIGHTS?

According to Articles 15 et seq. of the GDPR, the User has the right to:

-access to their personal data, to request their rectification, updating and deletion or restriction if incomplete, erroneous or collected in violation of the law;

- To object to the processing for legitimate reasons or to obtain portability;

- obtain confirmation of the existence or otherwise of personal data concerning him/her, even if not yet registered, and their communication in intelligible form.

The User has, in addition, the right to obtain

1. (a) the indication:

- Of the origin of personal data;

- Of the purposes and methods of processing;

- Of the logic applied in the case of processing carried out with the aid of electronic instruments;

- of the identification details of the Owner, the Person(s) in charge (internal/external) and the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as Authorized Persons;

1. b) the updating, rectification or integration of their data within the limits of relevance to the activity carried out by the Owner;
2. c) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose storage is not necessary in relation to the purposes of processing;
3. d) certification that the operations referred to in letters b) and c) have been brought to the attention of those to whom the data have been communicated, except where this proves impossible or involves the use of means manifestly disproportionate to the protected right.

The User has, also, the right to object, in whole or in part:

1. e) for legitimate reasons to process personal data concerning him/her, even if relevant to the purpose of collection;
2. (f) to the processing of personal data concerning him or her for the purpose of sending the newsletter;
3. g) to the processing of personal data provided for direct marketing purposes, in which case it is clarified that Users do not have to provide any reasons.

 

HOW TO ASSERT ONE'S RIGHTS?

The rights of the Users regarding the processing of their personal data are exercised with a request made freely and without formality to the Data Controller, directly or through one of its appointees, by sending an e-mail message to the e-mail address: customercare@tluxy.it. The Interested Party has the right to receive appropriate feedback to the transmitted request, without undue delay and, in any case, no later than one month from the receipt of the request itself (deadline extendable by two months, due to complexity and number of instances), which may be renewed for justified reasons.

In any case, if you believe that the Data Controller is processing your personal data in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Guarantor (Art. 77 GDPR, Art. 141 Privacy Code) or to take appropriate legal action (Art. 79 GDPR, Art. 152 Privacy Code). The complaint form and information on how to fill it out and submit it are available here. In order to exercise the rights in question, the data subject may rely on individuals, entities, associations or bodies, giving, for this purpose, a written proxy and be assisted by a trusted person.

 

CHANGES

This Site reserves the right to make changes or update the content of this policy, including as a result of possible changes in applicable legislation. The User will be informed of such changes at the time of their introduction and will have binding effect at the time of their publication on the Site. To take, therefore, cognizance of the most updated version of the Privacy Policy, the User is invited to regularly visit this section of the Site, so as to be constantly informed about the use and types of data collected by the Owner.  

 

Privacy Policy updated March 22, 2023