PRIVACY POLICY
The company A.G. S.a.s. di Accossato Giovanni (hereinafter referred to as “Company” or “the Data Controller”), as the data controller, wishes to inform you, pursuant to the applicable data protection regulations, including the European Regulation 2016/679 on the protection of personal data (the “Regulation”), that the personal data you provide during the establishment and duration of the relationship will be processed in compliance with the current legislative and contractual provisions for the purposes and with the methods indicated below. In some circumstances, some data may also be collected from third parties, where necessary and always in compliance with the applicable regulations.
1. DATA CINTROLLER
The data controller is A.G. S.a.s. di Accossato Giovanni, VAT number 07726670016, located at Via Don E. Bruno, 6, 10029 Villastellone (TO) – Italy. The following contact details are provided: phone: 011 969 6811 and email address gdpr@accossato.eu.
2. PERSONAL DATA SUBJECT TO PROCESSING
Personal data may be voluntarily entered on the website by the User or collected automatically during the use of this Site.
2.1 Data provided by the user:
user’s personal information: name, surname, postal address, city, zip code, phone number;
contact information: name, surname, email address, phone number, shipping address, order details;
billing and payment data, such as billing and shipping address, tax code, VAT number, IBAN code, SDI code, and certified email address (PEC);
2.2 Data collected automatically:
device information, such as IP address, browser, and operating system;
information on browsing behavior, such as pages visited, products viewed, and products purchased (subject to user cookie acceptance);
various types of cookies (see cookie policy).;
The use of cookies or other tracking tools by this site or by the owners of third-party services connected to it, unless otherwise specified, aims to identify the User and record their preferences for purposes strictly related to the provision of the service requested by the User.
3. PURPOSES AND LEGAL BASES
A.G. S.a.s. di Accossato Giovanni processes users' personal information for the following purposes:
A. Website and service improvement: Personal data may be used to improve the website and services, making them more useful and relevant for users. This data includes information on browsing behavior, such as pages visited, products viewed, and products purchased. The legal basis is the legitimate interest of the data controller.
B. Order processing: Personal data is collected to process orders, send shipments, and invoice products. This data includes name, email address, phone number, shipping address, and payment information. The legal basis is the execution of a contract or pre-contractual measures to which the user/data subject is a party.
C. Customer service through contact forms and live chat systems: Personal data is collected to provide customer service, answer questions, and resolve issues. This data includes name, email address, phone number, and product information. The legal basis is the execution of a contract or pre-contractual measures to which the user/data subject is a party;
D. Sending commercial and promotional communications, direct marketing purposes, event invitations, customer satisfaction surveys, both through traditional contact methods (i.e., postal mail and operator phone calls) and through automated contact methods (i.e., automated phone calls and similar methods such as fax, email, SMS, MMS, etc.); The legal basis is the consent of the data subject or, in the case of customer satisfaction analysis or new product updates for already registered customers on the website, the legitimate interest;
E. Tracking the browsing and purchasing choices of the user/data subject to improve marketing offers, commercial promotions, and customer satisfaction surveys. This activity is also carried out through the use of technologies such as cookies (for more information, please refer to the "Cookie Policy" on the website); The legal basis is the consent of the data subject;
F. Compliance with obligations imposed by laws and/or regulations issued by authorities legally authorized to do so; The legal basis for the processing of personal data is the legal obligation of the data controller.
G. Establishment, exercise, or defense of a right in judicial and extrajudicial proceedings by the data controller.
4. NATURE OF DATA PROCESSING
The provision of personal data is mandatory exclusively for the processing necessary for the provision of services.
Refusal to provide data for service provision purposes makes it impossible to access and use the services on the Website and prevents the conclusion of contractual or pre-contractual agreements requested by the data subject; the provision of data with the data subject's consent is free and optional, and the possible refusal by the data subject will not have any negative consequences on the provision of the services offered within the portal and related connected applications.
5. METHODS OF PROCESSING AND DURATION
The collected data will be processed using electronic, computer, and telematic tools or manual processing with logic strictly related to the purposes for which the Personal Data was collected and, in any case, in a way that guarantees the security of the same. In particular, all technical, IT, organizational, and procedural security measures will be adopted to ensure the level of data protection required by current regulations. Personal Data collected for purposes related to the execution of the contract with the User will be retained until the execution of that contract is completed and in compliance with civil and tax obligations (e.g., civil obligation to keep accounting records and other company correspondence for 10 years).
Personal Data collected for purposes related to the legitimate interest of the data controller will be retained until that interest is satisfied. The User has the right to object to the processing for processing based on legitimate interest and/or to withdraw consent to processing at any time without prejudice to the lawfulness of the processing based on consent before withdrawal.
Personal data processed for marketing purposes will be retained for no longer than 24 months from the date of collection.
This period is necessary to enable the company to achieve the purposes for which the data was collected, namely:
Sending marketing communications;
Personalizing the user experience on the website;
At the end of this 24-month period, all personal data will be reviewed to determine whether further retention is necessary. If they are no longer needed for the purposes for which they were collected, the personal data will be securely deleted or anonymized, making them unidentifiable with respect to the individual to whom they refer.
The company may retain personal data for a longer period if necessary to fulfill legal obligations or to resolve any disputes. The user has the right, at any time, to request the deletion of their personal data or to object to its processing for these purposes by sending a request to the data controller's contact email.
6. RECIPIENTS OF THE DATA
The personal data provided by the user for the purposes described in point 3 above may be disclosed to or brought to the attention of the following subjects:
employees and/or collaborators of the company, for the performance of administration, accounting, and IT and logistics support activities who act as authorized subjects ("appointees") of the processing;
companies or consultants responsible for the installation, maintenance, updating, and general management of hardware and software (including the Platform);
companies appointed by the Company for mailing activities and/or generally for sending online communications;
all public and/or private entities, individuals and/or legal entities (administrative and tax consulting firms), if the communication is necessary or functional to the proper fulfillment of the contractual obligations undertaken in relation to the services provided through the Site, as well as the obligations arising from the law;
companies or professionals engaged in logistics services such as couriers, shippers, and subjects responsible for the delivery and/or collection of purchased products;
all those entities (including Public Authorities) that have access to the data by virtue of regulatory or administrative provisions;
companies for commercial information, for the verification of the solvency of a potential customer;
companies responsible for the maintenance of our IT system;
law firms of our trust for the possible protection of our rights or for the management of disputes relating to the Contract;
subjects, different from those listed above, appointed data controllers or processors by the Data Controller, for the performance of activities connected to the conclusion of the purchase contract through the Site;
external companies, such as Credit Institutions, Financial Institutions, and external payment Platforms.
All personal data provided by users concerning registration on the Site and/or purchase through the Site are not subject to dissemination. The updated list of data controllers and processors can be consulted at the data controller's office.
7. DATA TRANSFER TO THIRD COUNTRIES
Personal data will be stored at the Company's headquarters and its servers (both located in Italy at the Data Controller's headquarters) and will not be transferred outside the European Union.
Should it be necessary for technical and/or operational reasons to use entities located outside the European Union, we inform you now that such entities will be appointed Joint Controllers, pursuant to Article 26 of the Regulation, or Processors, pursuant to and for the purposes of Article 28 of the Regulation, and the transfer of personal data to such entities, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Title V of the Regulation. All necessary precautions will therefore be taken to ensure the full protection of your Personal Data based on such processing: a) on adequacy decisions of the third countries expressed by the European Commission; b) on adequate guarantees expressed by the third-party recipient pursuant to Article 46 of the Regulation; c) on the adoption of binding corporate rules. In any case, you may request more details from the Data Controller if your data is processed outside the European Union by requesting evidence of the specific guarantees adopted.
8. PROFILING
The Data Controller does not use automated processes aimed at profiling.
9. COOKIES AND SIMILAR TECHNOLOGIES
The site collects cookies and other tracking tools to improve the user's browsing experience on the website. Cookies are small text files that are stored on the computer or mobile device when the user visits a website. Cookies can be used to store user preferences, to improve their browsing experience, and to provide targeted advertising. For more information on cookies and other tracking tools, please visit the site's cookie policy.
10. INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS
Our Platform may, from time to time, contain external links from our advertisers and affiliate partners. If the user follows a link to any of these websites, please remember that these websites have their own privacy practices, and we do not accept any responsibility for such policies. Users are requested to consult the privacy policies of such sites before giving consent to the processing of Personal Data. These services allow interactions with social networks or other external platforms directly from the pages of this site. Interactions and information acquired by this Application are in any case subject to the User's privacy settings for each social network.
In the event that a service for interaction with social networks is installed, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages where it is installed.
11. USER RIGHTS REGARDING DATA PROCESSING
At any time, the user may exercise the rights provided by the applicable regulations on the protection of Personal Data, including the right to:
receive confirmation of the existence of their Personal Data and access its content (right of access);
update, modify and/or correct their Personal Data (right to rectification);
request the deletion or restriction of the processing of Data processed in violation of the law, including those for which storage is not necessary for the purposes for which the Data was collected or otherwise processed (right to be forgotten and right to restriction);
object to processing based on legitimate interest (right to object);
revoke consent, without prejudice to the lawfulness of the processing based on the consent given before revocation;
lodge a complaint with the Supervisory Authority in case of violation of the rules on the protection of Personal Data;
To exercise these rights, the user may contact the Data Controller at any time by sending a request to the following email address gdpr@accossato.eu or by registered mail to the following address: A.G. S.a.s. di Accossato Giovanni, Via Don E. Bruno, 6, 10029 Villastellone (TO) – Italy.
11. CHANGES TO THE PRIVACY POLICY
The constant evolution of our services may entail changes in the characteristics of the Personal Data processing described herein. This privacy policy may undergo changes and additions over time, as necessary due to new regulatory interventions in the field of Personal Data protection, or the evolution/modification of our services. Therefore, we invite you to periodically review the contents of our policy: where possible, we will try to inform you promptly of the changes made and their consequences.