PRIVACY POLICY PURSUANT TO ART. 13 REG. EU 2016/679 (GDPR)
For DIVO S.r.l. (“Divo”) your privacy and the security of your personal data are important; for this reason, we collect and manage your personal data with the utmost attention and adopt specific measures for their treatment in line with the privacy legislation pursuant to EU Regulation 2016/679 ("GDPR").
Below you will find information about how Divo processes your personal data when you browse www.divoboutique.it (the "Site").
INDEX:
- The Data Controller
- What data Divo processes
- For what purpose Divo processes the data and what is the legal basis
- Who shall process your data
- Methods of data processing
- How long Divo retains your data
- What are your rights
- Web Push Notification
- Security measures
- Claim
The Data Controller
The Data Controller is the legal entity that determines the purposes and the means of processing personal data.
The Data Controller is Divo with registered office in Via Privata Giovacchini 18, 56029 S. Croce Sull’Arno (PI) , VAT 01901770501.
e-mail: privacy@divo.it
What data Divo processes
Divo processes various types of personal data, including:
1. personal data necessary to conclude the online sale of products carried out on the Site and related activities, such as name and surname, e-mail address, shipping address, billing address, telephone number and payment details.
2. personal data, such as your e-mail address when you subscribe to our newsletter service.
3. identification and contact data, to manage any requests for information when you contact our Customer Service.
4. identification data, such as name and surname, e-mail address, password and date of birth, as well as the data necessary to provide you with the services reserved for registered users, for account registration.
5. when you give your consent, your personal data for marketing purposes.
6. subject to your express consent, by analysing your personal data we can process information regarding your interests and your preferences with respect to our products and services, in order to present you personalized offers. In case of account authentication via external social networks, we collect from these third parties the data necessary for registration/authentication through Facebook, Instagram and Google.
7. Information about your browsing the Site, such as the pages you visit and how you interact with the single page and we save this information on our servers. For more information on the technologies used (cookies and similar tools) you may see our Cookie Policy.
8. In the event that you provide personal data of third parties to Divo (if you purchase a product to be delivered to a third party), you must respect the privacy legislation; before providing us with personal data of third parties, you must inform them and obtain their consent to the processing.
We inform you that Divo does not process personal data relating to minors. If you access the Site and use the services offered by Divo, you declare that you are of legal age.
For what purpose Divo processes the data and what is the legal basis
1) Your personal data are processed to execute the contract you are a part of, pursuant to art. 6, paragraph 1, lett. b) of the GDPR; and in particular for:
- the conclusion and execution of a contract of purchase, for payment, shipment of the product, any management of the right of withdrawal, return and legal guarantee;
- the registration on the Site and use of services reserved for registered users;
- the management of your requests through Customer Service.
It is mandatory that you provide your personal data; otherwise, you will be unable to use the service.
2) With your consent, pursuant to art. 6, paragraph 1, lett. a) of the GDPR, Divo processes your personal data for:
- marketing communications on our products and services in order to update you on new arrivals, exclusive products, our offers (by telephone, SMS, e-mail);
- sending newsletters;
- market research in order to improve our services and the relationship with our users;
- marketing activities, surveys and market research;
- create group and/or individual profiles which allow us to send you personalised communications that are in line with your interests.
The processing of your data is based on your voluntary consent; providing your data is optional. However, without it, you will be unable to purchase our products online.
You may revoke the consent at any time, by writing to e-mail address of Divo: customercare@divoboutique.com
3) For legitimate interest of Divo, pursuant to art. 6, paragraph 1, lett. f) GDPR.
Some of your personal data may be processed to carry out anti-fraud activities: we have a legitimate interest in carrying out this activity to prevent and prosecute any fraudulent activities.
The Data Controller guarantees that he has previously carried out an assessment aimed at ensuring the proportionality of the processing so that the rights and freedoms of the users are not affected, taking into account the reasonable expectations of the same in relation to the specific processing activity.
4) To fufill a legal obligation to which DIVO is subject, pursuant to art. 6, paragraph 1, lett. c) GDPR.
To comply with legal obligation of the Data Controller (for example, the legislation to prevent and fraud detection, identification and reporting of illegal and illegal activity regulations, AML e KYC, privacy).
Who shall process your data
Duly informed personnel (employees and associates) will process the data.
Third parties will process personal data and they were appropriately selected by the Data Controller and they offer a suitable guarantee of compliance with personal data processing rules. These third parties, based on an appropriate designation by the controller (each of them with respect to their own area of authority) may conduct their activities as data processors, pursuant to art. 28 of the GDPR.
These third parties belong to the following categories: internet providers, companies specialized in IT and telematic services; companies that carry out marketing activities; companies specialized in market research and data processing, couriers and shippers, bank operators, freelancers or legal or tax consultancy and assistance companies.
Some of the subjects indicated above may also be established outside the European Union (EU) or the European Economic Area (EEA), in countries that do not guarantee an adequate level of protection of personal data according to the standards established by the GDPR. Divo adopts the necessary precautions for a legitimate data transfer (in particular, through the use of the Standard Contractual Clauses approved by the European Commission).
Furthermore, your data may be disclosed to third parties when disclosure is required by the applicable laws and regulations for legitimate third-party recipients of communications, such as public entities and authorities that process your data as independent controllers for the respective institutional purposes.
Methods of data processing
In relation to the above purposes, the processing of personal data may consist of the activities indicated by art. 4, paragraph 1, no. 2) of the GDPR, namely: collection, registration, organization, conservation, consultation, processing, communication by transmission or any other form of making available, limitation, cancellation and destruction of personal data.
The processing may be carried out using automated tools, with logic strictly related to the aforementioned purposes and, in any case, with methods such as to guarantee the security and confidentiality of the data, in addition to compliance with the specific obligations established by the legislation in force and applicable from time to time.
How long Divo retains your data
We retain your personal data for a limited period of time which depends on the purpose for which they were collected, at the end of which your personal data will be deleted or in any case irreversibly anonymized.
The retention period differs according to the purpose of the processing, in particular:
a) data collected to conclude and execute contracts for purchase products or services on the Site: up to the conclusion of the administrative-accounting formalities (invoicing data will be kept for ten years from the invoice date);
b) registered user data: the data will be retain until deletion is requested;
c) data provided for marketing communications activities, surveys and market research: until interruption is requested and, in any case, when two years have elapsed since your last interaction with Divo.
In any case, for technical reasons, the termination of the treatment and the consequent definitive cancellation or irreversible anonymization of the relative personal data will be definitive within thirty days from the terms indicated above.
d) The data entered for the self-application on the Site may be kept until 31 December of the calendar year following that of the self-application.
e) in the event of a legal dispute, your data will be kept for the period necessary for the protection of Divo's right in court.
What are your rights
GDPR (arts.- 15-21) grants you the right to exercise specific rights, including that of obtaining from the Data Controller confirmation of whether or not your personal data is being processed and, if it is, to obtain access to or a copy of such personal data; you also have the right to obtain the updating, correction and integration of your data, cancellation, transformation into anonymous form or blocking of data processed in violation of the law; you have the right to object, for reasons related to you specific situation, to the processing of your data for the purpose of a legitimate interest of the controller.
The User may at any time exercise their rights in the following ways:
by e-mail, at the address: divo@arubapec.it
by ordinary mail, to the address:
DIVO SRL
VIA PRIVATA GIOVACCHINI 18
56029 SANTA CROCE SULL’ARNO, PISA, IT
Security measures
We protect your personal data with specific technical and organizational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently. In particular, we use security measures which guarantee: the pseudonymisation or encryption of your data; the confidentiality, integrity, availability of your data. Furthermore, DIVO undertakes to regularly test, verify and evaluate the effectiveness of the technical and organizational measures in order to guarantee continuous improvement in the security of the treatments.
Claim
Pursuant to art. 77 of the GDPR, you can submit a claim to one of the competent supervisory authorities on compliance with the personal data protection standards, if you believe that your data was unlawfully processed.
In Italy, a claim may be filed with the Personal Data Protection Authority
More information on how to present it is available on https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.
Last updated: July, 2023