Privacy Policy and Cookie Policy
AD Milano S.r.l., as Data Controller, intend to provide you the following specific information about the management of the website anndemeulemeester.com with reference to the process of personal data of users who consult it. It is also an information notice, according to article 13 of European Regulation 2016/679 (“GDPR” or “Regulation”).
LEGAL FRAMEWORK
- Directive 2002/58/EC on “personal data processing and protection of private life in the field of electronic communications”.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation “GDPR”).
- Legislative Decree 30 June 2003 n. 196 “Code regarding the protection of personal data", as amended by Legislative Decree 10 August 2018 n. 101.
DATA CONTROLLER
The Data Controller is AD Milano S.r.l., via Savona n. 97, 20144 Milano, email address: privacy@antonioligroup.com.
DATA PROTECTIO OFFICER
The Data Controller has appointed a Data Protection Officer who can be reachable at the following email address: dpo@antonioligroup.com.
DATA PROCESSING PLACE
The processing related to the services of this website are realized at the seat of AD Milano S.r.l., as well as at the seat of third parties, appointed as Data Processor, who offer outsourced services.
CATEGORIES OF DATA PROCESSED
Browsing data
The information systems and the software procedures needed for the running of this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but due to its nature, it could allow to identify the users, through processing and association with data held by third parties.
To this category of data belong the IP addresses or the domain names of the PC used by the users who connect to the web site, the URI (Uniform Resource Identifier) notation addresses of the required resources, the time of the request, the method used while sending the request to the server, the size of the file obtained in the response, the numeric code specifying the status of the response given by the server (successful, error, etc.) and other parameters concerning the operation system and the user’s information environment.
Such data are used only in order to obtain anonymous statistical information on the use of the website and to control the correct operation, and are delated immediately after the processing.
The data could be used to ascertain the liability in case of possible cybercrimes damaging the web site.
Data provided voluntarily by the user
The collection of personal data freely provided by the user through the form on the website or by calling any telephone number published on the website, entails the subsequent acquisition of the data provided by the user, necessary to provide the service or the information requested.
Data required to prevent fraud attempts
If the Data Controller detects, in the context of a purchase request, a risk of possible fraud attempt, it will start a proceeding aimed at identifying the customer by requesting a copy of the identity document and a copy of the credit card, with only the last four digits in clear text. With these documents, the Data Controller will be able to identify the customer and prevent any fraud attempts.
Anonymous or aggregated data
Anonymization is a process aimed at preventing the identification of the data subjects. The data made anonymous don’t belong to the application field of the data protection regulation. The aggregated data may derive from personal data supplied by the user but is not considered personal data since, as specified, it doesn’t allow to directly or indirectly identify the data subject.
Cookie
The site uses cookies in accordance with the adopted Cookie Policy which is found at the following link [•].
COOKIES
Please refer to the Cookie Policy accessible at the following link [•] for more information on the cookies we use.
PURPOSE AND LEGAL BASE OF THE PROCESS
Personal data will be processed for the following purposes:
(i) Allow navigation and consultation within the website.
The legal base of the process is the consent that is explicitly given by consulting the site (art. 6, paragraph 1, let. a), GDPR).
(ii) Provision of the requested services (replies to requests for information, return request).
The legal base of the process is the consent that is explicitly given by filing the form (art. 6, paragraph 1, let. a), GDPR).
(iii) Purposes related to the purchase of the products.
The legal base of the process is the performance of the contract (art. 6, first paragraph, let. b), GDPR).
(iv) Purposes related to marketing communications, about promotions, newsletters, advertising, related to the brands and services of the Antonioli Group companies.
The legal basis of the process is the consent (art. 6, first paragraph, let. a), GDPR).
(v) Purposes related to the sending of commercial communications to customers who have purchased a product, through the use of the email address provided in the context of the sale, in relation to products similar to those being sold.
The legal base of the process is the legitimate interest (art 6, first paragraph, let. f), GDPR).
(vi) Profiling purposes aimed at evaluating the preferences expressed by users in the context of purchases and views on the website by the Antonioli Group companies.
The legal basis of the process is the consent (art. 6, first paragraph, let. a), GDPR).
(vii) Defensive purposes in the event of abuses in the use of the site or attempts at fraud.
The legal base of the process is the legitimate interest (art. 6, first paragraph, let. f), GDPR).
LINKS TO OTHER WEBSITES
This website could contain links or references for the access to other websites. We inform you that the data controller does not control the cookies or other monitoring technologies of such websites to which this policy does not apply. We therefore recommend that you consult the individual privacy policies relating to these websites.
DISCRETIONARY NATURE OF THE DATA PROVIDING
Apart from what has been specified concerning the surfing data, users are free to provide their personal data or not by filling the form on the site. However, the non-providing can enable obtaining what was requested.
OPTIONAL SUPPLY OF DATA
Apart from what has been specified for the browsing data (needed for the running of this web site), users are free to supply their personal data or not. However, the non-supply of such data may entail the impossibility to obtain what has been requested.
CHECK ON YOUR PERSONAL DATA
We inform you that at any time you can choose to limit the collection or use of your personal data. For example, at any time you can object to the processing of your personal data for direct marketing purposes by sending us an email to the email address indicated below. The company will not sell or distribute the personal data collected to third parties unless it has obtained explicit consent from the data subject or unless this is explicitly required by law.
PROCESSING METHODS AND STORAGE TIME
Personal data are processed, even with the aid of automated devices, for the time strictly necessary to achieve the purposes for which it was collected. In particular, with reference to personal data processed in the context of the execution of the sales contract, the Data Controller will storage the personal data for ten years from the conclusion of the contract, that is until the time when the limitation period relating to contractual actions that may arise with reference to the contract in execution of which data are processed have expired. The data can be retained for a longer period if is necessary in order to comply with regulatory provisions or if the data are necessary for the Data Controller to defend its rights in Court. Personal data processed on the base of consent will be retained by the Data Controller until the withdrawal of the consent by the data subject. Specific security measures are taken in order to prevent the loss of data, its unlawful or wrongful use and unauthorised access. The Data Controller, inspired by internationals standards has adopted additional security measures to minimize the risks related to the confidentiality, availability and integrity of the personal data collected and processed.
SHARING, COMMUNICATION AND CIRCULATION OF DATA
The collected data may be shared, transferred or communicated to other companies, appointed as data processor, for activities strictly connected to the purposes indicated and instrumental to the operativeness of the service, such as the management of the information system. Apart from these cases, personal data won’t be communicated unless there’s a contractual or legal provision, or upon specific consent by the Data Subject. In this sense, personal data may be transmitted to third parties, but only and exclusively if: a) there is explicit consent to share the data with third parties; b) there is a need to share information with third parties in order to provide the service required by the Data Subject; c) it is necessary in order to meet a request by the judicial or public security authorities. No data deriving from the web service is circulated.
TRANSFER OF PERSONAL DATA
Personal data will not be transferred to third countries, namely countries not belonging to the European Union or to the European Economic Area. Should this occur, the Data Controller declares and guarantees to comply with the provisions of articles 44 et seq. of the GDPR.
RIGHTS OF INTERESTED PARTIES
The regulation for the protection of personal data provides some rights for the subject to whom the data refer (data subject). In particular, according to art. 15 and subsequent of the EU Regulation 2016/679, each data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, to obtain rectification, erasure or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. To exercise the aforementioned rights, the user can contact the Data Controller by sending a registered letter with return receipt to the address indicated above or an email to privacy@antonioligroup.com, or The Data Protection Officer at the following address dpo@antonioligroup.com.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Every data subject who believes that the processing of personal data relating to him or her, through the web site, infringes the Regulation, shall have the right to lodge a complaint with a supervisory authority, as provided by the article 77 of GDPR.
CHANGES TO THIS DATA PROTECTION POLICY
The data controller periodically controls its data protection and security policy and – if needed – reviews it in connection with modifications deriving from regulations or organisations, or as dictated by technological evolution. Should the policy be modified, the new version will be published on this web page.
QUESTIONS, COMPLAINTS, SUGGESTIONS AND EXERCISE OF RIGHTS
Anyone interested in more information, in contributing with their suggestions or making complaints or disputes regarding the privacy policies, on the way in which the Data Controller processes personal data, as well as to assert their rights under the legislation on protection of personal data, you can contact the Data Controller by writing to AD Milano Srl, based in Milan, via Savona n. 97, e-mail address: privacy@antonioligroup.com or to the Data Protection Officer at the following address dpo@antonioligroup.com.
INFORMATION NOTICE
(pursuant to the Regulation EU 2016/679)
Dear Customer,
pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter "GDPR" or "Regulation"), we hereby inform you that your personal data (hereinafter also "the Data") will be processed by AD Milano S.r.l., with registered office in Via Savona n. 97 – 20144 Milan, Italy as Data Controller (hereinafter also “Controller” or "Data Controller").
Categories of personal data
The Data collected and processed by the Controller are as follows:
· Identification data (First name, last name, birthdate);
· Location data (Address, city);
· Contact details (e-mail; telephone number;);
· Purchase data.
Purpose and methods of data processing
In consideration of the activity carried out by the Controller, the collection and processing of your Data have as purposes:
1 the execution of the obligations deriving from the contractual relations of sale or the performance of pre-contractual activities;
2 the management of customers and/or the customers’ orders;
3 the fulfilment of accounting and tax obligations or other legal obligations;
4 the management of legal disputes;
5 the creation of the utilities for access to the e-commerce;
6 the sending of commercial communications in order to keep you informed about our products similar to those you have purchased and/or other promotional or marketing activities from the Antonioli Group companies;
7 the sending of commercial communications about our products and services and/or other promotional or marketing activities customized on the basis of customers' tastes, interests, purchases from the Antonioli Group companies
8 prevention of fraud attempt.
Your Data will be processed by authorized personnel in accordance with article 29 of GDPR. The processing of the Data for said purposes will take place by computer, telematic, manual and paper means, according to logical criteria compatible and functional to the purposes for which the Data was collected, in compliance with the rules of confidentiality and security provided for by law and by the internal company regulations and security measures of GDPR. Your Data may also be subject to processing involving automated decision-making processes, including profiling.
Data required to prevent fraud attempts
If the Data Controller detects, in the context of a purchase request, a risk of possible fraud attempt, it will start a proceeding aimed at identifying the customer by requesting a copy of the identity document and a copy of the credit card, with only the last four digits in clear text. With these documents, the Data Controller will be able to identify the customer and prevent any fraud attempts.
Legal basis of the processing
The legal bases for achieving the above purposes are as follows:
· with regard to the purposes set out in points 1,2 and 5 to execution of the obligations deriving from the contractual relations of sale or the performance of pre-contractual activities (Article 6(1)(b) of the GDPR);
· with regard to the purpose set out in point 3 in the fulfilment legal obligations (Article 6(1)(c) of the GDPR);
· with regard to the purpose set out in point 4 in the legitimate interest of the Controller (Article 6(1)(f) of the GDPR);
· with regard to the purposes set out in points 6 and 7 in the consent spontaneously given by the data subject (Customer or visitor) by flag a check-box or registering for a specific service (Article 6(1)(a) of the GDPR;
· with regard to the purposes set out in point 6 in the legitimate interest of the Controller to offer its customers products similar to those purchased (Article 6(1)(b) of the GDPR). The Customer may always object to such processing;
· with regard to the purpose set out in point 8 in the legitimate interest (Article 6(1)(f) of the GDPR).
Categories of Data recipients and Data transfer to third countries
The Controller, in the fulfilment of the purposes indicated above, may communicate and transfer your Data to third parties in charge of carrying out or providing specific services strictly functional to the execution of the contractual relationship and inevitably connected to it, such as:
- to Public Bodies or Offices or Public Administrations in accordance with legal obligations;
- to subjects whose right to access the Data is recognized by provisions of law and secondary legislation or by provisions issued by authorities legitimated by law;
- professionals, external debt collection companies and auditing companies;
- banks and credit institutions;
- companies that manage IT systems, including those aimed at managing company relations;
- companies that provide call center services.
The subjects listed above act, depending on the case, as Data Processors or independent Data Controllers. Personal Data are not transferred outside the European Union or the European Economic Area.
Data Retention Period
The Personal Data collected will be kept for the period of time necessary to pursue the purposes indicated; subsequently, such Data will be kept for a period of ten years in order to comply with legal obligations and, among these, the obligations under Article 2220 of the Italian Civil Code. Any further storage of Data or part of the Data may be arranged to enforce or defend our rights in any venue and, in particular, in court. For the purpose n. 6, the Data will be processed and stored by the Controller for the entire period during which the newsletter service will be active, except in case of revocation of consent or the exercise of the rights of opposition and cancellation of the Data by you. For the purpose n. 7 the Data will be processed until the revocation of consent.
Data subject's rights
With regard to your personal data, we inform you that you can exercise your rights under art. 15 et seq. of Regulation (EU) 2016/679, set out below:
Right of Access; Right to rectification; Right to cancellation or "right to be forgotten"; Right to limitation of processing; Right to receive notification in case of rectification or cancellation of personal data or limitation of processing; Right to Data Portability; Right to Opposition to processing. You have also the right to lodge a complaint with a supervisory authority if you consider that your rights have not been granted to you.
To enforce the rights reserved to you, please contact the Data Controller, sending a letter to AD Milano S.r.l., Via Savona 97 - 20144 Milan, Italy or sending an email to privacy@antonioligroup.com, or by writing to the Data Protection Officer at the following address: dpo@antonioligroup.com. If you think that the processing of your personal data by the data controller has infringed the provision of the GDPR, you can lodge a complaint with a Supervisory Authority.
Compulsory or optional nature of the provision of Data
The provision of Data to the Controller is mandatory only for those Data for which there is a regulatory obligation (i.e. established by laws, regulations, provisions of Public Authorities, etc.). In all other cases, you are free to provide your Personal Data or not, as long as part of your Data is strictly necessary for the pursuit of contractual purposes, failure to provide such Data may not allow the provision of services requested by you.
Consequences in case of refusal to provide the Data
In the presence of a regulatory or contractual obligation to provide your Personal Data, the refusal to provide your Personal Data does not allow the Controller to perform the operations that presuppose the processing of such Data and this with all the consequences and damage at your expense. Therefore, if the Data are necessary or strictly instrumental to the performance of the contractual relationship, the refusal to provide them may make it impossible to carry out the operations connected to such Data (or in any case may cause delays in the performance of such operations). Any refusal to provide Personal Data functional to the activities of the Controller, other than those necessary or strictly instrumental to the execution of the contractual relationship (for example, personal data that can be processed only on the basis of your consent) precludes the conduct of such further activities but does not interfere with the performance of the current contractual relationship.