As foreseen in the European Union Regulation n. 679/2016 (hereinafter "GDPR") and in particular to art. 13, below we provide you with the information required by law relating to the processing of your personal data. Note for minors: We do not intentionally process data from minors under the age of 14, however if you are 14 years of age or younger, please obtain permission from the parent / guardian before providing your personal information. The website www.alcott.eu (hereafter the "Site") is owned and managed by Capri s.r.l., with registered office in Naples, Italy, F. Caracciolo Streetm n. 15, (hereinafter referred to as "Capri"). Capri s.r.l. respects the applicable data protection laws and constantly works to improve the protection of its customers. This information on the protection of personal data informs you about the processing of your personal data in relation to the website www.alcott.eu, on how it is managed and how the services are made available through the Site by Capri.
1. Data Controller
The owner of the processing of personal data is pursuant to art. 26 GDPR - European Privacy Regulation: - Capri s.r.l., with registered office
2. What are Personal Data?
Personal data is information that refers to an identified or identifiable natural person, such as name, surname, gender, e-mail address, telephone number, date of birth, postal address.
3. Which Personal Data are processed?
3.1 If the user creates his personal user account, fills in the registration fields on the Site or gives us his consent, we process the personal data thus provided, in particular the data as defined in section 2.
3.2 Browsing Data
During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by the Users, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data will be recorded in anonymous and aggregate form and will be used, always in aggregate form, for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted, always in aggregate form, immediately after the processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
4. When do we Process your Data?
We process your personal data when you create your personal user account, when you order products through our website or when you sign up for our newsletter. Unless otherwise specified in the following provisions, the legal basis for this data processing is article 6 paragraph 1 b) and a) GDPR (execution of a contract and consent).
Purpose of Data Processing
For making purchases on our site you need to create a personal account (hereinafter "user account"). You can store personal information in the user account, and facilitate shopping in our online store. For creating a personal user account we need your general information, name and surname and, as appropriate, address and telephone number. In addition, users must provide their email address and a password of their choice. The email address provided by the users also serves as the access data for the user account. In addition, users can store their personal data within the user account and then conveniently purchase in the online store. The information can be updated at any time in the personal area of the user account ("User Profile"). Upon registration, the User will be required to enter personal data, some of which - from time to time expressly identified as such - it will be mandatory and essential to provide for registration purposes (e.g. the e-mail address where receive newsletters). The other data may or may not be provided, at the discretion of the User, and the failure to provide them is in no way prejudicial for the purposes of registration, but may allow only partial use of the Services. Of course, the user can cancel his user account at any time and without stating the reasons. The easiest way to do this is to send an email to firstname.lastname@example.org. (non è it)The legal basis for this data processing is article 6 paragraph 1 b) GDPR (execution of a contract).
5.2. Regarding the order of products in our online store, the processing of your personal data is intended to allow and optimize the fulfilment of the order, including payment and delivery. When paying by credit card, we receive the payment ID and the last four digits of the credit card number from our payment service provider. This serves us for the authentication and allocation of your order and therefore for your safety. The personal data necessary for payment are collected directly by the payment service provider. The legal basis for the aforementioned data processing is the article. 6 paragraph 1 b) GDPR (execution of a contract) and Art. 6 paragraph 1 f) GDPR (legitimate interest, based on our interest in offering you a secure payment option by credit card). Among other things, we also check all previous orders placed from your customer account. The system also checks whether the delivery address is different from the billing address, if it is a new delivery address or if the order must be delivered to an intermediate center. After choosing the payment service provider, you will be asked for the data necessary to use this service. This payment information is forwarded directly to the respective payment service provider and is not stored by Capri. We save the billing and delivery address data in your user account so that you no longer need to enter it the next time you make a purchase. This data can be changed at any time in the future. If you do not consent to the method or methods of payment offered, you can inform us in writing by letter or e-mail at email@example.com (non è it)We will therefore review the decision in the light of your reports. Personal data processed in the context of orders are deleted at the latest after the expiration of the guarantee terms established by law, unless this is in contrast with the retention obligations established by law.
We offer all users of our community (users of www.alcott.eu) the opportunity to receive our newsletter. To activate it, the user can register with his e-mail address on the specific page. The user can withdraw his consent at any time and without stating the reasons. The easiest way to do this is to click on the "Unsubscribe" link, which is found in each newsletter. The Newsletter may also contain advertising banners, advertisements and advertising offers from both the Company and third parties. The legal basis of this process is Article 6, paragraph 1 a) GDPR (consent).
5.4 Contact via contact form
If you send us requests for information using the contact form, we will process the information you provide, including your contact details, in order to process the request. In case of subsequent requests, these additional data will also be stored. The legal basis is article 6.1 b) GDPR (fulfillment of the contract - the processing of user data is necessary for the fulfillment of the contract to answer questions or requests) as well as article 6 paragraph 1 f) GDPR (balancing interest - based on our interest in processing requests from users of our website). As Data Controller, Capri informs that Users' personal data, subject to their consent, may be processed by Capri for the following purposes: a) sending of informative, promotional and advertising material relating to the brands of Capri (for example but not exhaustive: sending newsletters, promotions, etc.); b) to develop studies and statistical research; c) collect data and information in general and in particular on consumer guidelines and preferences and process them through electronic tools in order to identify the products that may be of most interest to them, so as to send them promotional communications expressly addressed to them products (so-called profiling).
6. Methods and Place of Treatment
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access. The database is accessible only by authorized persons through methods that guarantee its protection and confidentiality, thanks to the adoption of security measures designed to prevent data loss, illicit or incorrect use and unauthorized access. Despite all the measures taken to safeguard your information, we cannot guarantee, in the state of technology, that unauthorized access or abuse of services by third parties can be excluded. PLACE OF DATA PROCESSING The treatments connected to the Services of this Site take place at the headquarters of the Data Controller and are only handled by technical personnel of the Data Controller appointed for this purpose in the capacity of appointee, or by any persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disclosed. The personal data provided by Users who submit requests to join the Services are used only to perform the service or provision requested and are disclosed to third parties only if this is necessary for this purpose. In its capacity as data controller, Capri may proceed, directly or through any external data processors indicated on the Site, to save the Users' personal data in special servers and to carry out all other processing operations through the staff - of the owner and manager – (all'uopo)appointed for this purpose in the role of appointee, or through any external appointees during maintenance operations.
7. Responsibile for Treatment
PFor the operation of our website we commission external suppliers of data processing services (e.g. sending the order, newsletter software, computer centers). If necessary, these service providers also process personal data. Service providers are carefully selected and monitored by us. The data are processed exclusively in accordance with our instructions and are also bound by this data protection declaration. Only in the presence of an express authorization from the User, Capri proceeds to use his data for the same activities as in the previous point with the help of automated tools without the intervention of an operator and / or for the other purposes from time to time authorized by the User. The updated list of all Data Processors is available at each of the Data Controller's offices and can be requested at the following e-mail address: firstname.lastname@example.org. This list may subsequently be integrated and / or updated as needed.
8. Storage Period
Personal data will be kept only for the time necessary to achieve the purposes indicated herein or as required by law (civil, tax and tax obligations in force). The data you entered pursuant to section 3.1 will therefore be deleted at the latest after 10 years from the expiration of any retention periods provided for under commercial and tax law. The automatically recorded data, as defined in section 3.2, will therefore be deleted or anonymized after 24 months.
9. Your Rights
As an interested party, pursuant to articles 15-21 of the GDPR you have the right to: a) obtain confirmation of the processing of your personal data; b) access your personal data and know its origin (when the data are not obtained from you directly), the purposes and purposes of the processing, the data of the subjects to whom they are communicated, the retention period of your data or useful criteria to determine it; c) obtain the updating and correction of your personal data so that they are always exact and accurate; d) obtain cancellation, in the cases provided for by art. 17 of the GDPR, of your personal data or ask for the limitation of the treatment; e) obtain a copy of your personal data. You can therefore know what your personal data are in our possession, their origin and how they are used, request their updating, correction or integration as well as, in the cases provided for by the current provisions, the cancellation, the limitation of the treatment or oppose to their treatment. If you wish, you can request to receive the personal data we hold about you in a format readable by electronic devices and, where technically possible, we will be able to transfer your data directly to a third party indicated by you. Any requests will be processed at the latest within one month of receipt, except for the possibility of extending this period for a further two months, if necessary, taking into account the complexity and the number of requests received by the Data Controller.