This document therefore explains to users (‘Data Subjects’) the methods adopted to handle processing operations, and also constitutes a privacy notice, submitted in keeping with legislation regulating the Protection of Personal data.
1. The Data Controller
The Data Controller is the company Lanieri S.r.l., Via Corradino Sella 10, Biella (BI), tax code and VAT registration no. 03777840244. The Data Controller establishes the purposes for which data are processed and the methods adopted.
2. Purposes for which data are processed and legal basis
2.1. Collection of data
2.2 Purposes and legal basis
- to provide services relating to registration and access to reserved areas or to specific services (during website registration processes, we collect the relevant e-mail address, personal data and/or shipment information and the password, with the use of on-line registration forms);
- when expressly requested, to send our newsletter by e-mail;
- for necessary purposes in order to provide full information and assistance regarding the services and/or the purchasing of products on the Site (in order to provide assistance services, we collect your personal data through our Customer Service in the section “Contact us”);
- in order to complete the purchasing of products on the Site (we collect your personal data, such as e-mail address, personal data, postal address, credit card and bank details and telephone number via the order form);
- in order to provide information regarding navigation problems, browser compatibility or uploading of web pages from the Site (collecting and processing data in response to a request for technical assistance);
- in order to prevent or discover fraudulent activity or improper use detrimental to the Site;
- so that Lanieri S.r.l. can exercise its rights (such as, the right to defend itself in legal actions);
- to allow you to save the products you like the most in your virtual shopping cart;
- in order to make appointments with the Atelier or to subscribe to the “Ambassador” program;
- having obtained express, specific consent, for marketing, analysis and profiling activities, such as:
- commercial information and/or promotions by paper mail (or flyer) and telephone or via electronic communications such as e-mails, text messages and other automated systems available for this purpose, aimed at publicizing new products and improving the services offered;
- market research and surveys on the quality of the services and customer satisfaction, also through specialized companies, with the aim of improving the products and services offered;
- profiling aimed at analyzing the needs, tastes, choices and habits of consumers, also through electronic processing, in order to provide information on products or services that reflect the preferences and interests of the users;
- analyses of aggregate data relating to the user’s behavior or analysis of the user’s behavior on the website.
The processing of your data for marketing and profiling purposes requires your clear, specific consent; nevertheless, we must inform you that the Data Controller may process your personal data for other purposes, even if you do not give your consent, in certain circumstances envisaged by the law (for example, whenever necessary in order to comply with a legal obligation) or whenever necessary in order to perform contractual obligations towards users (for example, if the user has purchased products on the Site) or when you have requested to benefit of specific services via our website.
All the personal data provided are therefore processed exclusively for purposes connected with the activities conducted by Lanieri S.r.l., on the following legal bases (defined as each case arises):
- consent (necessary for marketing, profiling purposes and/or to transfer your data to third parties or to personalize a user profile on the website);
- the execution of a contract to which the user is a party (e.g. to send information connected with the services via e-mail and/or text messages and/or any other means of communication, for the purpose, for example, of confirming an order or notifying that modifications have been made to our services, and to receive payments or transfer payments when a product is returned) or pre-contractual measures taken at the user’s request;
- the performance of legal obligations by which the Data Controller is bound;
- the legitimate interests of the Data Controller (as specified below).
Your personal data are processed mainly in electronic format, and in some cases also in paper format.
Marketing, advertising and promotional activities and the supply of information regarding products and services, as well as statistical analyses aimed at establishing the degree of customer satisfaction with the services offered, are carried out through traditional channels (such as paper mail and calls via the operator), and also digital automated channels (such as e-mail, text message, browser and social network).
The purposes for which your personal data are processed may, in any event, be made known specifically, as each case arises, in the privacy notice that the Data Controller submits to the user on the page on which the conferment of personal data is requested.
The Data Controller may find it necessary to process personal data of third parties transferred directly by its users, for example, in the case of the “Lanieri Ambassador Program” service when the user shares the discount code with friends, or if a purchased product is to be sent to a third party, or if the subject who pays the purchase price for the product is not the subject to whom the product is to be sent.
In all these circumstances, make sure that you obtain the consent of the person to whom the data refer before passing them on to Lanieri S.r.l. and that you have informed the individual concerned about the processing, seeing that you will be held solely and exclusively responsible for the transfer of information and data relating to third parties, even if not expressly requested, and for the improper or unlawful use of the data. In any event, Lanieri S.r.l. will, in so far as it is obliged to do so by legislation, satisfy its obligation to inform the user indicated and, whenever necessary, will ask for his express consent when recording the relevant personal data in its files.
2.3 Legitimate interests of the data controller and/or third parties
As indicated above, Lanieri S.r.l. may process your personal data for marketing purposes, having first obtained your express consent, using the contact details provided when you registered on the Site. Nevertheless, in the legitimate interests of the Data Controller, if the ad relates to products similar to those already purchased, you may receive it at your e-mail address without your express consent, provided that you did not withhold your consent to the use in question when you provided your e-mail address or on subsequent occasions (so-called “soft spam” according to art. 130, paragraph 4, of Italian Legislative Decree no. 196/2003 dated 30 June 2003). Similarly, we may process your data without your consent in order to provide the services that you have willingly requested (in order, for example, to assess optimization of the efficiency of our advertising campaigns, to set up, exercise or defend the Data Controller’s rights, or when the processing is necessary in order to prevent fraud on the Site or to guarantee security and proper functioning).
3. Nature of the data and consequences of refusing to reply
The conferment of personal data to Lanieri S.r.l. (in particular, personal details, e-mail address, postal address and telephone number) is necessary in order to enter into the contract for the purchase of products on the Site.
Some of these data may, on the other hand, be of fundamental importance when supplying other services provided on the Site at your request or when performing obligations laid down by legislation or regulations.
The refusal to provide the data necessary for these purposes may make it impossible to execute the contract for the purchase of products on the Site or to provide other services available – such as assistance services – or also, to perform obligations laid down by legislation or regulations in a proper manner.
The transfer to the Data Controller of additional data, differing from those conferred as a mandatory requirement, for the purpose of performing its legal or contractual obligations, or of supplying particular services on request, is, on the other hand, optional and will not influence the use of the website and the services it offers, or the purchasing of products.
Depending on the case and whenever necessary, you will be duly informed, as each case arises, of whether the conferment of your personal data to the Data Controller is mandatory or optional. We will point out whether the transfer of your data is mandatory or optional with a notice (“please fill in this field”) or by means of a specific character (*) indicating that the information is mandatory or merely data required to provide services and permit products to be purchased on the Site. We remind you that failure to supply personal data when optional will not subject our users to any obligation or disadvantage them in any way.
4. Transfer of data outside the EU
Your personal data will not be transferred abroad to countries that are not members of the European Union and are unable to guarantee that the interests of individuals are adequately safeguarded. If it should prove necessary to do so in order to provide the services requested (for example, with certain processing operations that may be delegated out to suppliers who do not operate within the European Union) or in order to enter into a contract for the purchase of products, we assure you that transferring data to countries that are not members of the European Union and are unable to guarantee adequate standards of protection will be conditional on Lanieri S.r.l. and the subjects concerned entering into specific contracts containing appropriate protective clauses and guarantees capable of safeguarding the personal data provided (e.g. standard contractual clauses approved by the European Commission) or on other requisites laid down by applicable Italian and European legislation being met.
5. Rights of the data subject
Users are entitled, at any time, to obtain confirmation as to whether or not personal data regarding them exist and to receive them in an intelligible form.
Data Subjects are entitled to be given an indication:
- of the content and origin of the personal data;
- of the purposes for which data are processed and the methods adopted;
- of the method applied in the event data are processed with the use of electronic tools;
- of details identifying the Data Controller and data processors;
- of the storage period envisaged for the specific categories of data processed;
- of the subjects or categories of subjects to whom the personal data may be transferred or to whose attention they may be brought, when acting as processors or persons in charge of processing.
Data Subjects are also entitled:
- to have data up-dated, rectified or, when in his or her interests, supplemented;
- to have data processed (e.g. in contravention of the law) deleted, rendered anonymous or the circulation thereof restricted, including any information that need not be kept in relation to the purposes for which the data was collected or subsequently processed;
- to data portability to another Data Controller;
- to oppose processing (e.g. for the dispatch of advertising or direct marketing material or in order to carry out market research or for commercial communication purposes);
- to oppose any automated decision-making process (including profiling);
- to revoke any consent given, when envisaged (it is to be noted that the revocation of consent will not prejudice the legitimacy of processing based on the consent conferred before it was revoked);
- to receive confirmation that the operations referred to in the previous paragraphs have been brought to the attention, also with regard to their contents, of the subjects to whom the data were transferred or disseminated, apart from cases in which this obligation proves impossible or requires means that are evidently disproportionate to the right being protected.
The right to oppose the processing of personal data for marketing purposes can be exercised in connection with both so-called automated contact methods (e.g. e-mail, text message, WhatsApp or other social media, etc.) and traditional methods (paper mail and telephone); this right may be exercised either wholly or partly (e.g. only in connection with communications transmitted by paper mail or telephone, or by opposing solely the transmission of promotional communications with the use of automated tools such as e-mail, test message), also on your own initiative through the specific services made available to the user (e.g. by de-selecting the relevant tick box in the newsletter).
In order to exercise the aforementioned rights, users may write to the processor responsible for responding to users exercising their rights, by emailing email@example.com, indicating 'Privacy' as reference.
Finally, please note that the Data Subject is entitled to make a claim to the Italian Data Protection Authority either in order to exercise his rights or in connection with any other matter relating to the processing of personal data.
6. Subjects to whom personal data may be transferred
To receive a full list of the Processors handling your data, you can contact our customer care service in the section “Contacts” or email firstname.lastname@example.org.
Your personal data will not be transferred, communicated or passed on to third parties for purposes that are not authorized by law or without your express consent. In addition to the companies that act as Data Processors, personal data are also made available to third parties (autonomous data controllers) who process the data autonomously, solely for the purpose of executing contracts for the purchase of products on the Site and for additional purposes linked to the supply of the services requested by the user (for example, in purchasing transactions, the bank providing electronic remote payment services, by means of credit/debit card).
These third parties, with whom we work in close contact and who may be the recipients of the user’s personal data, include, merely by way of example:
- social media platform partners, who may offer connection services (such as connection to profile information) from their social media platforms to our website;
- providers of services connected with the delivery of products purchased or the handling of payments;
- providers of IT services or solutions backing up the internal customer care service or Marketing (e.g. the “Live chat” service).
Your data will not be disseminated. However, this does not prejudice the transfer or dissemination of data required by law, by police forces, judicial authorities, information and security organizations or other public bodies for purposes connected with the defense or security of the State or the prevention, verification or repression of crimes.
7. Data storage period
Your personal data are processed for the length of time strictly necessary to achieve the purposes listed above.
The following criteria are adopted to establish the storage period:
- specific legislative provisions that regulate the activities conducted by Lanieri S.r.l.;
- the period for which the user subscribes to the newsletter (for marketing purposes), until such time as the subscription is revoked;
- tax legislation with regard to the processing of data of an administrative-accounting nature (10 years); more precisely, the storage period laid down by tax and accounting legislation applicable is applied to financial data (e.g. payments, refunds, etc.).
With reference to data collected for commercial purposes, details of purchases referring to identifiable users are stored for 12 months (from the date on which this information is obtained) for the transmission of targeted commercial communications (profiling) and 24 months for direct marketing purposes.
The data covered by profiling may therefore be stored for this purpose solely for a period not exceeding twelve months from the date on which they were registered, with the exception of the genuine transformation of data into anonymous form, thereby not allowing Data Subjects to be identified, even indirectly or by connecting to other databases (profiling operations will be carried out using data strictly necessary to achieve the stated purposes).
The personal data of a “registered” user, instead, will be stored for:
- 12 months from closure of the account;
- 10 years after the last visit to our website (e.g. access to personal area, purchase by a logged user, etc.), if the user does not close the account.
Finally, the Customer’s personal data may also be kept for the length of time permitted by Italian legislation protecting the legitimate interests of the Data Controller company (art. 2947, par. 1 and 3 of the Italian Civil Code).
8. Processing based on automated decisions and profiling
In any event, if you have subscribed to one of our services (e.g. in the “registered users” section on the website) using authentication methods on social media (e.g. Facebook) or on Google, Lanieri S.r.l. may access particular personal data (for example, first name, surname, e-mail etc.) found in the social media account or the user’s profile, in keeping with the operating conditions applying to the platform in question. We may also collect any of your personal data when interacting with third party social media functions, such as “I Like”.
Apart from the situations described above relating to the profiling of users’ behavior on the website and the analysis of consumer tastes and habits, Lanieri S.r.l. does not adopt any other automated data processing methods that could have decision-making effects on the user’s legal domain.
9. Processing for additional purposes
The Data Controller may, once you have been specifically informed, also process your data for purposes in addition to those indicated above, provided that they are compatible with the initial purpose stated when the data were collected. If an additional purpose is incompatible with the initial purpose, your consent must be given and you will be informed in advance so that you can up-date or modify your preferences (following the instructions given), thereby confirming or withholding your consent to the use of your personal data.
Your consent will not be necessary if the additional processing carried out by the Data Controller is based on other grounds for legitimacy, such as compliance with a legal obligation on the part of the Data Controller or the performance of contractual obligations.
This Site and the services it offers are not intended for subjects aged under 18, and the Data Controller does not intentionally collect personal information relating to minors. In the event that information relating to minors is involuntarily registered, the Data Controller will delete them promptly, at the users’ request.
11. Applicable law and contacts
These legislative provisions ensure that personal data are processed in a manner that respects fundamental rights and liberties, as well as the dignity of the Data Subject, with particular reference to confidentiality, personal identity and the right to safeguard personal data.
Last revised January 2018.