INFORMATION ON THE PROCESSING OF PERSONAL DATA
of Customers who visit Severino Becagli srl websites pursuant to Article No. 13 of the (EU) Regulation 2016/679
The Identity of the Controller
The Data Controller is Severino Becagli srl via Aurelia Antica, 50 – 58100 Grosseto (GR), in the person of its Legal Representative pro tempore.
Source of data and type of data collected
a) Severino Becagli srl collects the personal data provided on a voluntary basis by the Customer when registering on the website or when the latter performs a transaction through the website, in addition to other personal data associated with the processing of orders. Since Severino Becagli srl operates the B2B and B2C segments, personal data include: Title, name and surname, company name, VAT number (if applicable), date of birth, gender, e-mail address, shipping and billing address (including post code, city and country), telephone and fax number, type and quantity of products ordered, order date, order fulfillment status, date and time of service delivery, order value, currency, information of payment (number and date of the credit card expiration), requests for returns or offers for the Customer and the following information provided on a voluntary basis by the Customer: how you find out about the website, company data, number of employees and —for company customers— the date of the company establishment (overall “Transaction Data”).
b) Severino Becagli srl also collects data regarding the use of the website by the Customer, such as IP address, products displayed and those saved in the shopping cart; if the Customer reaches the website via a referral page or a link in a promotional e-mail or advertising on another website that redirects to the Severino Becagli srl website; the company can also collect information on the referral page and on promotional e-mails or targeted advertisements together with the Customer’s IP address to analyze the effectiveness of marketing operations (overall “Usage Data”).
Purpose for Processing
Personal data are processed by the Data Controller for:
Transaction data will be used to process orders, manage payments, communicate with you about the order, manage product returns, customer support requests and collect products. They will also be used to acquire pre-contractual data and information; exchange information aimed at the execution of the contractual relationship, including pre and post contractual activities; make requests or fulfill requests received; manage accounting and tax obligations. The user’s personal details are processed for the purpose of managing the cart, including the ‘abandoned cart’.
Transaction data will also be used to send the person concerned personalized messages or invitations to review the products; usage data, in the case of registered customers, will be used together with transaction data (except for payment information) to display customized products on the website based on the interests expressed by the Customer.
In order to make the marketing communications and the newsletter sent to the Customer concretely useful, the transaction data and the site usage data will be analyzed by Severino Becagli srl to send personalized commercial communications according to the preferences indicated exclusively upon your consent, expressed in the footnote of the information on the processing of data.
Finally, the data will be used to manage and control risks, to prevent possible fraud, insolvency or default; prevent and manage possible litigation, take legal action in case of need.
Legal basis for processing
The legal basis of the processing is as follows:
The processing is necessary for the execution of a contract of which the Data Subject is part of or for the execution of pre-contractual measures established at the request of the same, as regards the processing listed in point 1);
The Data Subject has given his consent to the processing of his personal data for one or more specific purposes, as regards the processing listed in point 2);
Execution of pre-contractual measures adopted at the request of the Data Subject and legitimate interest of the Controller (the maximization of the effectiveness of communications), as regards the processing listed in point 3);
The processing is necessary for the pursuit of the legitimate interest of the Data Controller (protection and prevention of fraud and insolvencies), as regards the processing listed in point 4).
The personal data processed by the Data Controller will not be disclosed, or will not be disseminated to indeterminate subjects, in any possible form, including that of their availability or simple consultation. On the other hand, they may be communicated to the workers who work for the Data Controller, or to persons authorized to process the data as they operate under the authority of the Data Controller. In this regard, Severino Becagli srl has appointed third party service providers in connection with the operation of the website, such as hosting service providers, marketing service providers and websites, IT maintenance service providers, shipping services and VAT verification services, as well as service providers that allow the integration on the website of other functions that the Customer can use at his discretion, i.e. the chat tool and the product review function. These service providers, designated as Data Processors, are provided with only the personal data they need to supply the corresponding services and are not allowed to use or disclose the personal data of the interested parties for other purposes, without prior authorization of the person concerned.
They may be communicated, to the strictly necessary extent, to the subjects that for purposes of order fulfillment or other requests or services related to the transaction or the contractual relationship with the Controller, shall provide goods and/or perform services on behalf of the Controller. Finally, they may be communicated to the persons entitled to access it under the provisions of the law, regulations, and community regulations.
In particular, based on the roles and tasks performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the Controller.
The Data Controller does not transfer personal data to third countries or international organizations.
However, the right to use cloud services is reserved; in this case, the service providers will be selected from among those who provide adequate guarantees, as required by art. No. 46 GDPR 679/16.
The Data Controller retains and processes personal data for the time necessary to fulfill the purposes indicated. Subsequently, personal data will be stored —and not further processed— for the time established by the current provisions on civil and fiscal matters.
Rights of the Data Subject
With reference to the articles No. 15 – right of access by the data subject, No. 16 – right to rectification, No. 17 – right to erasure, No. 18 – right to restriction of processing, No. 20 – right to data portability, No. 21 – right to object, No. 22 right to oppose the automated individual decision-making of GDPR 679 / 16, the Data Subject exercises his rights by writing to the Data Controller at the previously mentioned address, or by email, specifying the subject of his request, the right that he intends to exercise and attaches a photocopy of an identity document attesting the legitimacy of the request.
In particular, the Data Controller reminds that each Data Subject can exercise the right of opposition in the forms and ways provided for by art. No. 21 GDPR. Further information on the rights of the Data Subject can be consulted at the bottom of this section or can be requested at firstname.lastname@example.org
Withdrawal of consent
With reference to art. No. 7 of the GDPR 679/16, the Data Subject can revoke the consent given at any time.
However, some of the processing referred to in this statement (points 1) and 4)) are lawful and permitted —even without consent— as they are necessary for the execution of a contract of which the Data Subject is part, or for the evasion of his requests or to pursue the legitimate interests of the Data Controller.
The withdrawal of consent —where applicable— may limit or compromise the methods of interaction and communication of the Customer with the Severino Becagli srl.
The Data Subject has the right to lodge a complaint to a supervisory authority of the residence state.
Refusal to supply data
Interested parties can not refuse to give the Data Controller the personal data necessary to comply with the laws that regulate commercial transactions and taxation.
The provision of further personal data may be necessary to improve the quality and efficiency of the transaction.
Therefore, the refusal to supply the data required by law will prevent the fulfillment of orders. The additional data indicated in point a) of the paragraph “Data source and type of data collected” are provided on a voluntary basis; however, if the person concerned decides not to provide the requested data, Severino Becagli srl may not be able to provide the services, allow the completion of the transaction via the website or process the order.
The data indicated in point b) data are provided voluntarily by the Data Subject and, should she/he decide not to provide the requested data, the supply of the products and services will not be compromised.
Automated individual decision-making processes
The Data Controller does not carry out processing that consists of automated decision-making processes on the data of natural persons, except those indicated in the paragraph “Data Recipients” in relation to those who request the sending of marketing communications and the newsletter.