Information on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)

Premise

This information, provided pursuant to articles 13 and 14 GDPR refers to the website www.evvisco.com (the “Site”) and is provided by Le Soleil Bleu di Massimo Marletto,  registered office Via Vittorio Emanuele 105, 16030 Moneglia, CF MRLMSM75L31I693N, VAT number 02187450990, Cam. Com GE REA 467171, as Data Controller of personal data (hereinafter referred to as “Evvisco”).

The Site is owned by Evvisco, which is also the owner of the corresponding domain name.

In this disclosure, the definitions in the singular also include those in the plural, and vice versa.

In compliance with the GDPR, with this information we intend to inform you that Evvisco will process the personal data provided and collected through the Site as described below.

Types of data processed, purposes and legal bases of the processing

Evvisco will process the personal data collected and/or provided through the Site according to the methods and for the purposes described in this section.

 

2.1 Registration on the Site

Data processed. When a person decides to register on the Site, regardless of whether they make a purchase or not, Evvisco may collect the following categories of personal data referring to them: name, surname, e-mail address.

Purpose of the treatment. The data collected pursuant to this paragraph will be collected and processed to allow an interested party to register on the Site by creating an account on the same, as well as, following registration, to allow him to access his own reserved area on the Site and to use the services on -line offered by Evvisco to registered users.

iii. Legal basis. The legal basis on which the treatments described in this paragraph are based is represented by the need to execute a contract, pursuant to art. 6, par. 1, lit. b) GDPR, since registration is necessary to purchase Evvisco products through the Website and in any case to create an account on the Website.

Need to provide data. The provision of the data mentioned in this paragraph is necessary and, failing that, it will not be possible to register on the Site and purchase Evvisco products through it.

Storage period. The data provided during registration on the Site will be kept by Evvisco until the account is canceled by the data subject to whom they refer. Without prejudice to the possibility of extending the aforesaid retention period where this is necessary to fulfill a legal obligation to which Evvisco is subject or to protect a right of Evvisco before a competent authority.

 

2.2 Making purchases through the Site

Data processed. When a data subject places a purchase order through the Site, Evvisco will process the following categories of personal data:

name surname;

e-mail;

telephone number;

data relating to the purchase (transaction amount, purchased products);

shipping and/or billing address;

data relating to the payment methods used (e.g. bank details, postal details).

For further information on the processing of data relating to users’ payment cards or PayPal accounts, please consult the following paragraph 3

Purpose of the treatment. The data mentioned in this paragraph will be processed to allow the conclusion of the purchase contract and the correct execution of the operations connected to the same, including the shipment of the products purchased by the interested parties (and, if necessary according to sector legislation, to fulfill the obligations tax).

iii. Legal basis. The legal basis of the processing is represented by the need to execute the contract signed by the specific user when he purchases an Evvisco product on the Site (Article 6, paragraph 1, letter b) of the GDPR).

Need to provide data. The provision of the data mentioned in this paragraph is necessary and, failing that, it will not be possible to purchase Evvisco products through the Site.

Data retention period. Evvisco will keep the data processed to allow the purchase of its own product through its Site for a maximum period of 10 (ten) years from the purchase itself, without prejudice to the possibility of extending the aforesaid retention period in the event that this is necessary to comply with a legal obligation to which Evvisco is subject or to protect a right of Evvisco before a competent authority.

 

2.3 Marketing Activities

Data processed. Some of the personal data provided by a user when registering on the Site or during the purchase of a product through the Site, such as: e-mail address, telephone number and postal addresses.
Purpose of the treatment. Evvisco may process the personal data mentioned in this paragraph to carry out marketing activities, which may take the form of:
a) limited to Evvisco customers, when sending e-mail messages – to the coordinates provided by them in the context of a purchase through the Site or at the time of registration – referring to products similar to those purchased through the Site (so-called soft- spam)
b) in sending promotional newsletters, in carrying out market surveys, also aimed at assessing the degree of user satisfaction, and in sending advertising material relating to Evvisco products and/or services, also by means of systems automated, such as e-mails and/or push notifications, or through traditional methods (e.g. paper mail or brochures ) (marketing purposes), also referring to products not similar to those purchased by a customer through the Site or aimed at users who are not yet customers of Evvisco. The promotional messages and communications in question may refer not only to Evvisco products but also to products of companies belonging to the same Evvisco group. In this regard, however, Evvisco will not share the data of interested parties with these companies but will itself proceed to send the communications and messages relating to their products. In this case, the legal basis of the processing is the consent of the interested parties to carry out this type of activity;

iii. Legal bases of the treatments. The legal bases on which the processing of personal data by Evvisco for direct marketing purposes are based are, respectively:

a) the legitimate interest of Evvisco in the case of communications relating to products similar to those purchased by its customers on the Site (soft-spam), in application of the provisions of art. 6, par. 1, lit. f) GDPR and art. 130, paragraph 4 Legislative Decree 196/2003 (“Privacy Code”). Without prejudice to the possibility for users to object to the processing in the manner set out in the following paragraph
b) the consent of the interested parties in the case of promotional messages sent to interested parties who are not customers of Evvisco or relating to products that are not similar to those already purchased by a customer of Evvisco (Article 6, paragraph 1, letter a) of the GDPR).

Interested parties may object, at any time, to the processing of their personal data for this purpose according to the following methods:

revoke marketing consent: by accessing the specific “Access – Consent” section of your account on the Site or by writing an e-mail to massimo.marletto@gmail.com from the e-mail address with which you registered on the Site;
unsubscribing from a newsletter: by clicking on the appropriate link located at the bottom of each newsletter or by accessing the specific “Access – Consent” section of your account on the Site or by writing an e-mail to massimo.marletto@gmail.com from the email with which you registered on the Site by indicating the newsletter from which you want to unsubscribe or by contacting the Data Controller at the contact details indicated in § 7 below.

If you wish to unsubscribe from the Site, you can send an e-mail to the Company’s Data Protection Manager at massimo.marletto@gmail.com from the e-mail address with which you registered on the Site.

Furthermore, users registered on the Site will always be able to check and manage their consent from their account page.

Need to provide data. The provision of data referred to in this paragraph, as well as the provision of consent to the processing of the same where necessary, is optional and any absence will not affect either the registration of a user on the Site or the completion of a purchase through the same.
Data retention. The data processed for direct marketing purposes will be kept for a period of 24 (twenty-four) months from the provision of the same and the provision of consent to their treatment, where required. At the end of this period, Evvisco will proceed to request the renewal of consent to the processing of such data. Without prejudice to the possibility of Evvisco to extend the aforesaid retention period in the event that this is necessary to fulfill a legal obligation imposed on Evvisco or to protect a right of Evvisco before a competent authority.

2.4 Profiling

Data processed. Data provided as part of registration on the Site or during a purchase on the same, data relating to the preferences and purchasing habits of users of the Site.
Purpose of the treatment. The personal data mentioned in this paragraph may be processed by Evvisco for the performance of profiling activities, i.e. for the analysis of the preferences and consumption habits of the interested parties, through the detection of the type and frequency of purchases made by them, aimed at to the sending of personalized advertising material or promotional communications by Evvisco, as well as to present to the interested parties products of specific interest.

iii. Legal basis. The legal basis on which the profiling activities carried out by Evvisco are based is represented by the consent of the interested parties pursuant to art. 6, par. 1, lit. a) GDPR.

Need to provide data. The provision of the data described in this section, as well as the provision of consent to the processing of the same is optional and, failing that, it will not be possible for Evvisco to deliver personalized promotional messages and communications to the interested parties. The lack of consent to the processing of data will not affect the possibility for an interested party to register on the Site and/or make purchases through the Site.
Storage period. The data processed for profiling purposes will be kept for a period of 12 (twelve) months from the provision of the same and the provision of consent to their treatment, where required. At the end of this period, Evvisco will proceed to request the renewal of consent to the processing of such data. Without prejudice to the possibility of Evvisco to extend the aforesaid retention period in the event that this is necessary to fulfill a legal obligation imposed on Evvisco or to protect a right of Evvisco before a competent authority.

Users registered on the Site will always be able to check and manage their consent from their account page.

2.5 Data provided during contacts with data subjects

Data processed. Evvisco may process the personal data provided by data subjects (e.g. name, surname, contact details, any other information contained in requests from data subjects) when they decide to contact the owner company via the contact details on the Site (e.g. telephone number, e-mail, paper mail), as part of the customer care service or for any other request relating to Evvisco products and activities.
Purpose of the treatment. Evvisco will process the personal data referred to in this paragraph for the sole purpose of providing a reply to the requests presented by the interested parties.

iii. Legal bases of the treatment. The legal bases of the treatments described in this paragraph are represented by:

a) the need to execute a purchase contract in the case of interested parties who contact Evvisco for customer care activities (Article 6, paragraph 1, letter b) of the GDPR);
b) the consent of the interested parties in the event that they contact Evvisco for any other kind of information (Article 6, paragraph 1, letter a) of the GDPR). In particular, the fact that an interested party decides to contact Evvisco by submitting a request to it will be considered an unequivocal positive action equivalent to a written consent pursuant to art. 4, no. 11) GDPR.
Need to provide data. The provision of data referred to in this paragraph is optional but, failing that, Evvisco will not be able to follow up on the requests presented by the interested parties.
Storage period. The data processed according to what is reported in this paragraph will be kept for the period strictly necessary to provide a reply to the requests of the interested parties. The possibility remains for Evvisco to extend the aforesaid period in the event that this is necessary to fulfill legal obligations to which it is subject or to protect a right of Evvisco before a competent authority.

2.6 Navigation data

When a user visits the Site, Evvisco collects the following navigation data:

technical information, including IP address, information on the devices used by visitors to the Site, on the browser and operating systems, etc.
information on navigation on the Site, including the URL of the pages visited and activities that are performed on the page, dates and times of navigation, time spent on the Site, click stream.

This information is collected for the correct functioning, management, maintenance and improvement of the Site, as well as to ensure that navigation of the interested parties takes place in safety and to be able to ascertain responsibility in the event of cyber-security violations. They are also used to allow Evvisco to obtain statistical analyzes on the use of the Site with the possibility of analyzing the data also in aggregate form and to allow you to receive promotional announcements in line with your wishes and interests.

The processing of navigation data is also necessary to allow purchases to be made through the Site.

Site users are always free to decide whether to provide their navigation data, for example by choosing to disable cookies through their browser settings. However, the refusal to provide information necessary for navigation purposes could make it impossible to carry out activities strictly connected with the navigation itself and, therefore, also the consultation and interaction with our Site, as well as with making purchases through the Site.

These data are kept only for the time strictly necessary for the purposes for which they are collected.

Navigation data is collected through the use of cookies. To learn more about how cookies work, how to activate and deactivate them, consult our cookie policy.

2.7 Plug-ins and interaction with social networks

The Site allows interaction with third-party sites and social networks (Google, Instagram, Facebook) through hyperlinks, sharing buttons, social plug-ins and other similar tools.

By accessing one of the areas of the Site equipped with this type of tool, the Internet browser will connect the interested parties directly to the servers of the third-party sites in question, thus transferring their personal data to the managers of these sites.

The data transfer will be carried out on the basis of the consent of the interested parties, expressed unequivocally when they click on a specific hyperlink, plug-in button or other similar tool.

Depending on the specific agreements they have with the managers of such third-party sites, Evvisco may act as independent data controller or joint data controller with regard to such data transfers. As regards the privacy protection methods and the processing of personal data collected by the managers of third-party sites with which the interactions described take place, please refer to the related sites.

  • Payment card data. Use of PayPalTo make a payment using one of the types of payment card indicated on the Site, the user enters the confidential data of the payment card directly on a page that communicates through a secure encryption protocol with the payment service provider (acting as independent data controller), without passing through the Evvisco server which, therefore, will not process such data in any way. The data will be acquired in encrypted format.

    On the Site it is also possible to purchase through the PayPal payment instrument. In this case, the user will be directed to a page external to the Site, in which he will have to indicate the personal data requested by PayPal – which acts as an independent data controller – to complete the purchase process. Personal data does not transit from the Evvisco server which, therefore, will not process such data in any way.

    With reference to the processing of payment card data and those requested by PayPal, please note that the same is necessary to allow the online purchase contract to be concluded with Evvisco. Failure to provide this data, therefore, will not allow users to complete the online purchase process.

    Processing methods

    The processing of personal data of the interested parties will mainly be carried out with the aid of electronic or automated means, according to the methods and with the tools suitable for guaranteeing the security and confidentiality of the data in compliance with the GDPR. In particular, all the technical, IT, organisational, logistic and procedural security measures necessary to guarantee the minimum level of data protection required by law will be adopted, allowing access only to persons in charge of processing by Evvisco or its data processors designated by Evvisco.

    The information acquired and the methods of treatment will be pertinent and not excessive with respect to the type of services rendered. The data will also be managed and protected in environments whose access is under constant control.

    Communication and dissemination of data

    The personal data of the interested parties processed in accordance with this information may be communicated:

    to all those subjects (including the Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions;
    to companies or third parties responsible for printing, enveloping, shipping and/or delivery and/or collection of products purchased through the Site;
    to post offices, couriers or shippers in charge of delivering the products purchased through the Site;
    to banks and companies that manage national or international payment circuits through which online payments are made for products purchased through the Site;
    to companies, consultants or professionals who may be in charge of the installation, maintenance, updating and, in general, the management of the hardware and software of Evvisco or which it uses for the provision of its services;
    to external companies responsible for sending advertising communications on behalf of Evvisco;
    to employees and/or collaborators of Evvisco;
    to subjects who manage online payment transactions;
    to persons responsible for the repair of products purchased in execution of the legal guarantee of conformity or in any case of damaged products;
    to all those public and/or private subjects, natural and/or legal persons (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Chambers and Labor Offices, etc.), if the communication is necessary or functional to the correct fulfillment of the contractual obligations assumed, as well as the obligations deriving from the law.

    The data relating to the interested parties will not be disclosed, except in anonymous and aggregated form, for statistical or research purposes.

    Data transfer outside the EEA

    Evvisco will not transfer the personal data of data subjects to countries outside the European Economic Area (“EEA”), which includes, in addition to the member states of the European Union, Norway, Lichtenstein and Iceland.

    In the event that this proves necessary to pursue the purposes of the treatments described in this Information, Evvisco guarantees that all possible transfers of data outside the EEA will take place in such a way as to guarantee the full protection of the rights and freedoms of the same. Where, with regard to the recipient third country, no adequacy decisions have been issued by the European Commission, the data transfers will be carried out by adopting the guarantees provided for by articles 46 and following of the GDPR including the standard contractual clauses approved by the European Commission, and a weighted assessment of legislation of any third country of destination.

    Data Controller

    Evvisco, as Data Controller of personal data, can be contacted at the following addresses:

    Address: Evvisco – Via Vittorio Emanuele 105, 16030 Moneglia.

    Email: to send us a communication via email, you can access the Contact page.

    Evvisco, in application of current legislation, has appointed a Data Protection Officer (DPO) who can be contacted for any request or need related to the protection of your personal data at the following e-mail address: massimo.marletto@gmail.com

    Rights of the interested party

    Pursuant to art. 13 of the GDPR, Evvisco informs you that you have the following rights in relation to your personal data:

    Access: you can obtain information regarding the processing of your personal data and a copy of such personal data (art. 15 GDPR);
    Rectification: if you believe that your personal data are inaccurate or incomplete, you can request that such data be rectified or modified following your instructions (art. 16 GDPR);
    Cancellation: You have the right to request the cancellation of your personal data, which will be granted in the cases provided for by the applicable legislation, and in particular if: (a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed ; (b) in the event that the processing of your data is based on consent, you withdraw the consent in question; (c) you oppose the processing and there are no overriding legitimate reasons to continue (moreover, your right to object to processing for direct marketing purposes is absolute); (d) your personal data is processed unlawfully; (e) your personal data must be erased to comply with a legal obligation; (f) the personal data refer to minors and have been collected in relation to the offer of information society services (Article 17 of the GDPR);
    Limitation: you can obtain the temporary limitation of the processing of your personal data in the event of one of the following hypotheses: (a) you contest the accuracy of the personal data, for the period necessary for Evvisco to verify the accuracy of the same; (b) the processing of your personal data is unlawful but you oppose the cancellation of the same and instead request that their use be limited; (c) although Evvisco no longer needs it for processing purposes, your personal data is necessary for you to ascertain, exercise or defend a right in court; (d) You have objected to the processing pursuant to art. 21, par.1 GDPR, pending verification of the possible prevalence of legitimate reasons of the data controller with respect to those invoked by you (art. 18 GDPR);
    Opposition: in relation to your particular situation, you have the right to object to the processing of your personal data based on the legitimate interest of Evvisco pursuant to art. 6, par. 1, lit. f) GDPR at any time. Once the opposition has been received, Evvisco will continue with the processing only if there are demonstrable legitimate and binding reasons that prevail over your rights, interests and freedoms or for the assessment, exercise or defense of a right in court. You have the absolute right to object at any time to the processing of your personal data carried out for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing (art. 21 GDPR);
    Withdrawal of consent: in the event that the processing of your personal data is based on consent, you have the right to withdraw your consent at any time (art. 7 GDPR);
    Data portability: where the processing is based on consent or is necessary for the execution of a contract, you have the right to receive the personal data you have provided us in a structured format, commonly used and readable by an automatic device and, if this is technically feasible, to the secure transmission of your personal data to another data controller (art. 20 GDPR).

    2.8 Procedure for exercising the rights of the interested party.

    In addition to the provisions of paragraph 2.3, the rights referred to in this point 8) may also be exercised by you with a request made – without formalities – to the Data Protection Officer (DPO), by sending an email to the following address: massimo.marletto@ gmail.com (from the email with which you registered on Evvisco) or with a request addressed to Evvisco, via Vittorio Emanuele 105, Moneglia. These requests will be processed without delay and, in any case, in accordance with the deadlines established by current legislation.

    Protection of your rights

    To safeguard your rights and to protect your personal data, you may, at any time, decide to lodge a complaint with the competent supervisory authority (for Italy, the Guarantor for the protection of personal data – Piazza Venezia, 11 – 00187 Rome; Phone +39 06 696771; e-mail protocollo@gpdp.it) or to bring an action before the competent national judicial bodies.

    Without prejudice to this right, we always invite you to contact us to exercise your rights through our contact channels listed in the previous par. 2.8.

    Changes

    Evvisco reserves the right to make changes to this information at any time, giving appropriate publicity to users of the Site and in any case guaranteeing adequate and analogous protection of personal data. In order to view any changes, you are invited to regularly consult this information.

    In any case, should Evvisco make substantial changes to this information (e.g.: processing of personal data for different and further purposes), it will notify the interested parties by email.