INFORMATION ON THE PROCESSING OF PERSONAL DATA
Dear Customer,
pursuant to and for the purposes of Art. 13 of the New European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR)
As required by the General Data Protection Regulation of the European Union (GDPR 2016/679, Article 13), before proceeding with the processing, the Interested Party (user of the website www.ardemia.it) is informed that the personal data collected through the site are subject to processing by the Company using IT and/or telematic tools, for the purposes indicated in this information notice.
To this end, the interested party is provided with the Privacy Policy prepared by ARDEMIA Srl (hereinafter also “ARDEMIA” or “the Company” or “the Data Controller”), creator and promoter of the activities available on the website www.ardemia.it.
Data Controller
The Data Controller is ARDEMIA Srl, with registered office in Via Mulo 60, Capri (NA) 80073, VAT number: 16491481004.
The Company has identified a Data Protection Officer pursuant to Articles 37 and following of European Regulation 2016/679, who is Avv. Sara D'Alterio.
This subject may be contacted for clarifications and questions regarding the processing of personal data at the address: info@ardemia.it
For further information regarding the rights of the interested party, please consider the Paragraph entitled “Rights of the interested parties” of this information notice.
Information on the treatment
The personal data subject to processing are collected directly by ARDEMIA Srl or by third parties expressly authorised by the latter, or communicated by the Company to such third parties for the pursuit of the purposes described below.
Legal basis and purpose of processing
The personal data provided by the user when browsing the website www.ardemia.it are processed by the Data Controller in accordance with current regulations on the Protection of Personal Data.
The legal basis of the processing is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the establishment, execution and possible resolution of the online sales contract concluded between the parties and in the obligations connected to the same contract and/or directly and/or indirectly deriving from it.
The processing of personal data by ARDEMIA is aimed at pursuing the following purposes:
1) SUBSCRIPTION TO THE ARDEMIA.IT NEWSLETTER: in the event that the user decides to subscribe to the “ARDEMIA Newsletter”, only following an eventual and specific consent, the personal data will be processed by the Data Controller for the sending of commercial or promotional communications, updates relating, for example, to the latest trends, new arrivals, exclusive offers, special events and promotions. To unsubscribe from the newsletter, simply click on the appropriate subscription link at the bottom of the emails received or by writing to info@ardemia.it.
The Data Controller, in order to compare and possibly improve the results of communications, uses systems for sending newsletters and promotional communications equipped with a reporting mechanism, thanks to which the Data Controller will be able to know, for example: the number of readers, openings and clicks; the type of device used to read the communication (desktop, mobile); the number of pending users who have not yet confirmed their subscription; the number of emails sent by date/time/minute; the detail of emails delivered compared to those sent; the list of those unsubscribed from the newsletter; the openings of emails and clicks on individual links; problems viewing the message; link tracking (i.e. the number of clicks made on the links in the message); click tracking (which links have been clicked). All this data is used for the purpose of comparing, and possibly improving, the results of communications.
2) REGISTRATION ON ARDEMIA.IT: in the event that the user decides to register on the luisaviaroma.com website, only following an eventual and specific consent, the personal data will be processed by the Data Controller for the purposes of registration on ardemia.it. In particular, upon providing your name, surname, email address and setting an access password, these will be processed to create a personal account, to speed up the purchase procedure, to allow the user to view the status of orders and receive updates on purchases made, set and modify their data and any "Preferences" that will improve navigation, and update the account, view the history of returns and requests for exchange of goods, save favorite items in the Wishlist.
3) ONLINE SHOPPING ACTIVITIES: the personal data provided will be used for the purposes of establishing, managing, executing and/or concluding the online sales contract. The data provided will be processed by the Data Controller for the purposes of managing the purchase order with reference, for example, to the payment activity, shipping, taking charge of any returns, for customer assistance, for the execution of administrative - accounting purposes related to the management of the order, for the fulfillment of obligations under current legislation. In the case of payment by credit card, the fundamental information for the execution of the transaction (credit card holder, credit/debit card number, expiration date, security code) will be processed by Banca Bper ; Paypal ; Stripe or, possibly, by companies responsible for anti-fraud control via encrypted protocol and without third parties being able to access it in any way. However, this information will never be viewed or stored by the seller (ARDEMIA Srl).
4) PROFILING OF THE NATURAL PERSON: only following an eventual and explicit consent, the personal data provided may be processed by the Data Controller for profiling activities, or for the analysis of preferences aimed at creating personalized content and offers.
Nature of the treatment
In relation to the purposes referred to in point 1) of the previous paragraph, the provision of personal data and consent to their processing is optional. Failure to provide consent will make it impossible for ARDEMIA to allow registration to the “ARDEMIA Newsletter”, the sending of commercial or promotional communications, updates relating, for example, to the latest trends, new arrivals, exclusive offers, special events and promotions.
In relation to the purposes referred to in point 2) of the previous paragraph, the provision of personal data and consent to their processing is mandatory. Failure to provide consent will make it impossible for ARDEMIA to allow registration on luisaviaroma.com, the creation of a personal account, the speeding up of the purchase procedure, the viewing of the status of orders and the receipt of updates on purchases made, the possibility for the user to change personal settings and update the account, to view the history of returns and requests for exchange of goods, to save favorite items in the Wishlist.
In relation to the purposes referred to in point 3) of the previous paragraph, the provision of personal data and consent to their processing is mandatory. Failure to provide consent will make it impossible for ARDEMIA to proceed with the establishment, management, execution and/or conclusion of the online sales contract, therefore the impossibility of carrying out, for example, the activities related to payment, shipping, taking charge of any returns, customer service activities, the execution of administrative - accounting purposes related to order management, and the fulfillment of obligations under current legislation.
In relation to the purposes referred to in point 4) of the previous paragraph, the provision of personal data and consent to their processing is optional.
Failure to provide consent will make it impossible for ARDEMIA to carry out profiling activities, or to carry out analyses of preferences aimed at creating personalised content and offers.
Personal data processed
The personal data processed by the Data Controller are those provided by the user when browsing the website www.ardemia.it, when registering/subscribing to the services/programs made available by ARDEMIA and/or when purchasing products made available by ARDEMIA, such as, by way of example: name, surname and email address, in addition to the data necessary for the provision of the online sales service such as, for example, those functional to the execution of the payment and the shipment/exchange of the purchased products.
Data Processing and Storage Methods
The processing of personal data is carried out by the Data Controller in compliance with the provisions of the current legislation on Privacy. The Data Controller processes personal data using computer and/or telematic tools and with organizational and logical methods strictly related to the pursuit of the purposes indicated in this information notice, as well as adopting appropriate security measures in order to prevent unauthorized access, disclosure, modification or destruction of personal data, their loss and their illicit and incorrect use. However, the Company cannot guarantee its users that the measures adopted for the security of the site and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or dispersion of data by devices pertaining to the user. For this reason, users of the site are advised to ensure that their computer is equipped with adequate software to protect data transmission over the network (for example, updated antivirus) and that their Internet Provider has adopted appropriate measures for the security of data transmission over the network. The Company also undertakes to process data according to the principles of correctness, lawfulness and transparency, to collect them to the extent necessary and exact for the processing and to allow their use only by personnel for the authorized purpose. The management and storage of the personal data acquired will take place in archives or on servers located within the European Union owned by the Data Controller and/or third-party companies appointed as External Data Processors and, in any case, currently located in Italy.
In relation to the different purposes for which they are collected, personal data will be stored for the time strictly necessary to achieve them and, in any case, in accordance with the current regulatory provisions on the matter.
In any case, the Company will take care to avoid the use of data for an indefinite period by periodically verifying the actual permanence of the interest of the subject to whom they refer.
Recipients and Data Controllers
The data collected will not be disclosed in any way, but will be processed within the limits and for the purposes described by the Company's employees on the basis of adequate operating instructions (for example, administrative, commercial, marketing, legal, system administrators, etc.). Some data processing may also be carried out by third parties, appointed External Data Processors, of which the Data Controller uses or may use in the context of managing the contractual relationship, the provision of the services offered and for organizational needs of its business. In particular, the data may be communicated to:
a) public and private entities that can access the data pursuant to provisions of law, regulation or community legislation, within the limits set by such provisions;
b) subjects who need to access the data for purposes related to the contractual relationship in place between the parties, within the limits strictly necessary for the performance of auxiliary tasks (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers and shipping companies);
c) consultants, to the extent necessary for the performance of their professional duties.
The updated list of External Managers and persons authorised to process data is kept at the Data Controller's headquarters and is available to the Interested Party, upon request to be made by email to info@ardemia.it.
Transfer of data abroad
The management and storage of personal data will take place on servers of the Data Controller and/or third-party companies duly appointed as External Data Processors located within the European Union.
Personal data may be transferred abroad, in accordance with the provisions of current legislation, including to countries outside the European Union. The transfer to non-EU countries, in addition to cases where this is guaranteed by Adequacy Decisions of the Commission, is carried out in such a way as to provide appropriate and suitable guarantees pursuant to Articles 46 or 47 or 49 of the Regulation.
Rights of the interested parties
As an interested party, the user may exercise, at any time, the rights provided for in articles 15, 16, 17, 18, 20 and 21 of the GDPR which grant, in particular, the right to:
a) obtain from the Data Controller, pursuant to Article 15, confirmation as to whether or not personal data concerning you are being processed and, where that is the case, obtain access to the data and to information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients located in Third Countries or International Organizations; (iv) where possible, the expected period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period;
b) obtain from the Data Controller, pursuant to Article 16, the rectification of inaccurate personal data concerning him or her without undue delay; taking into account the purposes of the processing, the interested party shall have the right to obtain the integration of incomplete personal data, including by providing an additional statement;
c) obtain from the Data Controller, pursuant to Article 17, the erasure of personal data concerning him or her without undue delay. The Data Controller has the obligation to erase, without undue delay, personal data if one of the reasons indicated in paragraph 1 of Article 17 exists;
d) obtain from the Data Controller, pursuant to Art. 18, the limitation of processing when one of the hypotheses governed by paragraph 1 of Article 18 occurs;
e) obtain from the Data Controller, pursuant to Article 20, data portability, that is, to receive in a structured, commonly used and machine-readable format, the personal data concerning him/her provided to a Data Controller. The Data Subject also has the right to transmit such data to another Data Controller without hindrance from the first Data Controller to whom he/she provided them, if the conditions indicated in Article 20, paragraph 1, apply. Finally, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible;
f) to object, in whole or in part, pursuant to Article 21, to the processing of personal data concerning him.
To exercise your rights, the user can send their requests to info@ardemia.it.
It is also noted that the interested party has the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal, without prejudice to the consequences indicated above regarding a possible refusal to provide such personal data. The interested party also has the right to lodge a complaint with a Supervisory Authority.
You can make requests regarding the exercise of these rights by contacting the following address: info@ardemia.it.
ARDEMIA Srl undertakes to respond to the requests of the Interested Party within one month, except in cases of particular complexity for which it may take up to three months. In any case, the Data Controller will provide evidence to the Interested Party of the reason for the wait within one month of the request. The outcome of the request will be provided in writing or in electronic format. In the event of a request for rectification, cancellation or limitation of processing, the Data Controller undertakes to communicate the outcomes of the requests received from the Interested Party to each of the recipients of his/her data, unless this proves impossible or involves a disproportionate effort.
The Company specifies that the Interested Party may be asked for a possible contribution if the requests are manifestly unfounded, excessive or repetitive; in this regard, the Data Controller will provide a register to track the requests for intervention.
Changes to this Policy
The data controller reserves the right to make changes to this Privacy Policy at any time by giving notice to users on the website www.ardemia.it . Therefore, please consult this page often, taking as reference the date of the last modification indicated at the end of the document. In the event of non-acceptance of the changes made to this Privacy Policy, the interested party may request the data controller to delete their personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to personal data collected up to that point.
Privacy Policy updated on 08/23/2021