Policy on the processing of personal data pursuant to the general regulation on data protection (GDPR)
The website accessible at www.filo-sofia.it (hereinafter “Site”) is owned by filo.sofia® with registered office in Borgo Santi Apostoli 9 – Vicolo dell’oro 1A – 50123 Firenze (hereinafter “filo.sofia® “).
1. Data controller
The owner of the personal data processing is filo.sofia® , with registered offices in Firenze (Fi) Borgo Santi Apostoli 9 – Vicolo dell’oro 1A – 50123 Firenze – P.IVA / VAT IT 06114660480 (hereinafter referred to as “Owner”)
2. Nature of processed data
Personal data identifying the user are processed, where personal data means any information relating to a natural person, identified or identifiable even indirectly by reference to any other information (Personal Data).
filo.sofia® , through the Site, also collects and records the user’s navigation data, which allow access to the Site and navigation of the same and are used in anonymous and aggregate form for statistical purposes and to verify the correct functioning of the Site.
In particular, the Personal Data that may be collected are as follows:
Contact data: name, surname, tax code, physical and e-mail address, telephone number, mobile phone number
Other personal data: if you decide to provide them, place and date of birth
Economic information on transactions: such as means of payment, information on purchases made, orders, returns, etc.
Geolocation and connection and/or navigation data
Users under 16 (sixteen) years of age may not consent to the processing of personal data without parental permission.
3. Purpose of the treatment
Personal Data is collected if you register as a user on the Site, to purchase products, to answer questions and wonders. In particular, Personal Data are processed for the following purposes:
A) to access and navigate the Site, in particular in the reserved areas of the Site;
B) to respond to user requests by using the form on the “Contact Us” page of the Site (www.filo-sofia.it);
C) for the establishment and execution of contractual relations and consequent obligations;
D) to send the newsletter for information and promotional purposes, after filling in the form on the page contact.
4. Obligatory/optional nature of data provision
The conferment of data requested at the time of activation of the Services for the purposes referred to in points 3.A 3.B, 3C above is mandatory, as it is strictly functional to the performance of the Services requested, and the fulfilment of legal obligations. Any refusal to provide the data will make it impossible for the Owner to provide the requested Services, and/or to comply with legal obligations.
The provision of the data for the purposes referred to in point 3D above is optional. However, failure to provide consent will make it impossible to receive the newsletter. It is possible to unsubscribe from the newsletter at any time and at no cost through the “newsletter” section of the Site by following the instructions provided therein.
For the navigation data collected and registered by the Site, please read the cookie information
5. Treatment methods
Your Personal Data:
(i) are collected electronically when the requested Services are activated, as well as through the use of the e-mail service, as well as processed through registration, consultation, communication, storage, deletion, carried out with the aid of electronic instruments and manually, ensuring the use of appropriate measures for the security of the data processed and guaranteeing its confidentiality.
(ii) stored and archived on a secure server located in Italy and/or on paper in special premises owned by the Owner, as well as protected against the risk of intrusion and unauthorised access through security measures and procedures adopted by the Owner in compliance with the regulations.
(iii) processed by collaborators and/or employees of filo.sofia® as data processors or persons in charge of processing, within the scope of their respective functions and in compliance with the instructions given by filo.sofia® itself.
6. Data’s communication
Should it be necessary, filo.sofia® may also communicate the personal data of the users to all subjects to whom the right to access such data is recognised by law.
Moreover, said data may be communicated to subjects appointed by filo.sofia® for the supply of Services that are instrumental or necessary for the performance of obligations connected to users’ requests.
In particular, the data may be communicated to:
1. persons, companies or professional firms, who provide assistance, consultancy or collaboration to filo.sofia® in accounting, administrative, legal, tax and financial matters;
2. persons delegated and/or appointed by filo.sofia® to carry out the activities or part of the activities related to the provision of the Services, and any other external collaborator to whom the communication is necessary for the correct fulfilment of the obligations assumed by filo.sofia® in relation to the provision of its Services;
3. Public Administrations for the performance of institutional functions within the limits established by law or regulations.
The user’s data are in any case not subject to disclosure.
Users may request an updated list of the persons involved in the processing of Personal Data relevant to the activities of the Website by writing an e-mail to: email@example.com
7. Period of data retention
Your Personal Data are stored by us only for the time necessary to achieve the purposes for which they were collected or for any other legitimate related purpose to which must be added the additional period provided for by law in compliance with civil, fiscal and tax obligations in force. In the event that the Personal Data collected is processed for two different purposes, we will retain such data until the longer period of time for which it is collected. In any case, Personal Data will not be processed for that purpose for which the period of retention has ceased.
For the sake of completeness, below are the storage times for the different purposes listed above:
A) to access and navigate the Site: the data processed for this purpose will be stored no later than 5 years after the last activity and/or access to our Site;
B) to respond to user requests by using the form on the “Contact Us” page of the Site: the data will be processed for the time necessary to satisfy the request and/or request;
C) for the establishment and execution of contractual relations and consequent obligations: the data processed to carry out any contractual obligation will be kept for the entire duration of the contract and in any case no later than the following 10 years, for tax and contractual purposes;
D) for sending curricula vitae for the positions offered in the “Job” section of the Site: the data will be kept for 6 months from receipt;
E) for sending the newsletter for information and promotional purposes: the Personal Data processed for marketing purposes will be kept for 24 months from the date on which your last consent was given for this purpose, except for the opposition to receive further communications.
At the end of the data processing period, the data will be deleted, i.e. made permanently anonymous.
8. Legal basis of the processing
The legal basis for the processing is the user’s consent, the fulfilment of a contractual obligation and the provisions of the law
9. Rights of the user
Users may assert their rights, as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller, or the Data Processor, if appointed.
In particular, the user will have the right, at any time, to ask the Data Controller at the email address firstname.lastname@example.org access to your Personal Data, rectification, cancellation of the same, limitation of processing, revocation of consent. Furthermore, you have the right to oppose, at any time, the processing of your Personal Data (including automated processing, e.g. profiling, if carried out by the Data Controller), as well as the portability of your Personal Data.
Without prejudice to any other administrative and judicial remedy, if the user considers that the processing of his/her Personal Data violates the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the above mentioned EU Reg. 2016/679, he/she has the right to lodge a complaint with the Data Protection Authority using the contact details available on the authority’s website www.garanteprivacy.it and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), he/she has the right to revoke his/her consent at any time. In the case of a request for data portability, the Data Controller will provide you with your personal data in a structured, commonly used and readable format, by automatic device, without prejudice to paragraphs 3 and 4 of Article 20 of EU Reg. 2016/679.