POLICY REGARDING THE PROCESSING OF PERSONAL DATA
(pursuant to article 13 of EU Regulation 2016/679 “GDPR”)
As the Controller for the processing of personal data within the meaning of EU Regulation 2016/679 “General Data Protection Regulation”, Sculptures Nogler hereby informs on the following provisions regarding the protection of persons and other subjects as to the processing of their personal data. The processing of personal data is subject to the principles of correctness, lawfulness, transparency as well as the protection of confidentiality and the rights of the data subject. Personal data may only be collected, processed and used in accordance with the provisions of the aforementioned regulation and the confidentiality obligations contained therein.
1. DATA SUBJECTS
Data subjects are those persons who provide their data to one or more companies of the “Sculptures Nogler” in the following manner:
• by registering on the websites of the Sculptures Nogler;
• by registering for and using different services of the Sculptures Nogler;
• by purchasing goods through the websites of the Sculptures Nogler;
• by contacting (via telephone, fax, e-mail, etc.) the Consumer Care office of the Sculptures Nogler;
2. PURPOSES OF PROCESSING
The personal data provided will be processed for the following purposes:
a) Use of the services offered by the Sculptures Nogler – fulfilment of the purchase contracts concluded in the online store
The personal data of the data subjects are processed in order to enable those persons to use the services and to fulfil and carry out the sales contracts concluded in the online stores. In particular, the data will be processed for the following purposes:
• customer management;
• after-sale assistance;
• settlement of disputes;
• customer billing history;
• measurement of customer satisfaction;
• tax or other legal requirements.
The processing of personal data in connection with the purposes mentioned under lit. a) is necessary to ensure the correct management of the business relationship. The provision of personal data is mandatory in order to fulfil and carry out the above-mentioned purposes. The personal data that must be disclosed by the data subject are marked with an asterisk.
If the data subject does not provide or provides incorrect and/or incomplete mandatory personal data, the Controller cannot guarantee the performance of the service and/or the fulfilment of the contract.
The processing is carried out based on art. 6, par. 1, letter b) GDPR and, limited to compliance with tax and accounting legislation, on the basis of art. 6, par. 1, letter c) GDPR.
The personal data processed for these purposes will be processed for a period necessary for the provision of the services and/or for the fulfilment of the sales contract concluded with the data subject and thereafter as long as permitted by law.
b) Market studies and statistical purposes
For these purposes, the data are processed exclusively in anonymous form, meaning that an identification of the person concerned is no longer possible.
c) Direct marketing
The personal data will also be processed, with the consent of the data subject (art. 6, par. 1, letter a) GDPR), for the following marketing purposes:
• sending the brand newsletter) and newsletters;
• sending periodic commercial communications regarding products and services offered;
The provision of data for the purposes mentioned under lit. b) and c) is not mandatory and the refusal by the data subject to consent to the processing for this purpose will have no negative impact on the business relationship with the Controller. The person concerned may revoke his/her consent at any time.
For the purposes of direct marketing, the Controller also processes and evaluates data regarding the data subject's purchase behaviour and the use of websites of the Sculptures Nogler in order to carry out a profiling of data subjects which is used solely for sending personalised advertising material based on the interests of the data subject. For the purposes of direct marketing, the personal data of the data subject are processed until the previously given consent is revoked. The personal data processed for the purposes of profiling, including data on purchase behaviour, are processed in accordance with the cancellation policy of the Sculptures Nogler, in any case only for the maximum time permitted by law.
3. METHOD OF PROCESSING
The personal data may be processed in the following ways:
• processing of data through completion of factsheets, coupons and questionnaires;
• processing by computer and automated means;
• manual processing through paper-based archives;
• processing of data collected by third parties;
• transfer to third parties for processing operations.
The data will always be processed in accordance with the principles set out in art. 32 GDPR.
The personal data provided will be kept at the headquarter of the Controller and will only be passed on to persons who are in a position to provide the necessary services for the correct handling of the business relationship with the data subject and the fulfilment of the contract, always under guarantee of the protection of the rights of the data subject.
The personal data provided may be transferred to third parties solely for the purposes described above, and specifically to:
• forwarding agents, carriers, delivery services, mailing providers, logistics firms;
• consultants and professionals, in one-off disclosures or as part of a course of dealing;
• banks and credit institutions;
• providers of IT services.
5. DATA CONTROLLER
The Controller for the processing of personal data is Sculptures Nogler with office at via Chemun n.22, 39047 Santa Cristina (BZ), tel. +39 0471 793016, e-mail: email@example.com.
6. DATA PROTECTION OFFICER
The Controller has nominated a data protection officer for the Sculptures Nogler. The data protection officer can be contacted via: e-mail: firstname.lastname@example.org, tel. +39 0471 793016.
7. RIGHTS OF THE DATA SUBJECT
The data subject has the right to obtain from the Controller access, communication, rectification, integration, updating, cancellation and portability of personal data concerning him/her, as well as the right to exercise in general all the rights provided for in chapter III of the GDPR, as indicated below:
Chapter III (Art. 12 – 23) GDPR
a)access to personal data: the data subject has the right to obtain information free of charge about the personal data held by the Controller and processing of said personal data, as well as to obtain a copy in an accessible format;
b) rectification of data: the Controller will correct or supplement incorrect or inaccurate data, including data which has become incorrect or inaccurate due to a non-carried out update, on the basis of a notice received by the data subject in this regard);
c) withdrawal of consent: if the processing is carried out on the basis of a consent previously given by the data subject, the latter may withdraw consent at any time, without this, affecting the lawfulness of the processing provided before the withdrawal;
d) erasure of data (“right to be forgotten”): the data subject may request, for example, erasure when the data are no longer necessary for the purposes for which they were collected or processed or when they have been processed unlawfully, when they have to be deleted in order to fulfil a legal obligation, when the data subject has withdrawn consent and there is no other legal basis for the processing, or when the data subject objects to the processing;
e) restriction of processing: the data subject may request this in certain cases: – where the accuracy of the data is contested, within the time necessary for verification; – where the lawfulness of processing is contested and the data subject opposes to erasure; – need to use the data for the data subject's rights of defence, while they are no longer useful for the purposes of processing; if there is opposition to processing, during the time the necessary verifications are carried out – the data will be stored in such a way as to be restored, but, in the meantime, they are not available for consultation by the Controller except for the sole purpose to verify the validity of the data subject's request or its objections.
f) objecting in whole or in part to the processing for legitimate interests: in certain circumstances the data subject may nevertheless object to the processing of his/her personal data, in particular, if the personal data are processed for purposes of direct marketing, the data subject has the right to object at any time to the processing, including profiling to the extent that it is related to such direct marketing. When personal data are processed for purposes of scientific or historical research or for statistical purposes, for reasons related to his particular situation, the data subject has the right to object the processing, unless the processing is necessary for the performance of a task carried out in the public interest;
g) data portability: if the processing is based on consent or on a contract and is carried out by automated means, upon request of the data subject, the latter will receive in a structured format, commonly used and machine-readable, the personal data concerning him and may transmit them to another controller, without hindrance by the Controller to whom he provided them and, if technically feasible, may obtain that such transmission is made directly by the latter;
h) lodging a complaint with the supervisory authority (the territorial competent supervisory authority of data protection).
To exercise the rights indicated above, the person concerned may contact the Controller by post or by e-mail at the addresses indicated.
a) The Controller reserves the right to update this policy regarding the processing of personal data at any time for organizational reasons or in order to comply with new legal regulations. It is therefore recommended to visit this page regularly and to check the date of the last change indicated at the end of the page.
b) The last update of this policy was made on the 01/09/2018.
COOKIES ON OUR SITE
This website implicitly acquires, using Internet communications protocols, for and in the course of its normal operations, some personal data on the users who access the site, like IP address, domain names of the computers used for access, MAC addresses assigned by network and wireless card manufacturers, etc.
This information is not collected for the purpose of identifying users, but this could be done by associations and processing, including cross-referencing with third-party data; statistical information is obtained from this data on site usage and operations and further information in cases of establishing responsibility related to computer crimes.
What are cookies?
Cookies are small text strings that the websites visited by a user install on the user’s terminal; these strings are then re-transmitted to the site that installed them upon further visits by the user. When the user also receives cookies sent by other sites or web servers during site navigation, those cookies are called third-party cookies.
Cookies are installed for various purposes, possibly including the performance of computer authentications, navigation session monitoring, and language choice.
List of our installed cookies
Our website installs the following cookies:
Cookie Name, Origin, Length of time kept, Function, Cookie Type.
10 years, Saves the cookie box acceptance, Technical.
Session ID, between Browser und Server., Technical.
Google Analytics cookies have been rendered anonymous and the sharing of this information with Google has been prevented.
Procedures for disabling cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=it
Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
Links to the privacy policies of the third parties that install cookies
Google, YouTube: https://www.google.com/intl/it_it/policies/technologies/cookies/