It should be noted, as of now, that the reserved sections of this website are not intended to be used by persons under the age of sixteen years, to whom is therefore posed prohibition to create an account or otherwise provide its own personal information.
INFORMATION ON THE PROCESSING OF PERSONAL DATA
Articles 5-6-7-12-13-22 EU Regulation n. 679/2016
INFORMATION AND CONTACT DETAILS OF THE CONTROLLER
Art. 13, paragraph 1(a), EU Regulation n. 679/2016
LABELADO s.r.l., whose registered office is at Via Cerrato n. 1, 12051 Alba (CN), VAT n° 03767650041
Contact details of the Controller:
Contact details of the Data Protection Officer:
The Controller business activities do not comply with the hypotheses provided by art. 37 of EU Regulation n. 679/2016.
LABELADO s.r.l., an Italian company whose registered office is at Via Cerrato n. 1, 12051 Alba (CN), VAT n° 03767650041, as the Controller of your personal data (hereinafter also "Controller"), informs you, within the meaning of Articles 12 and 13 of EU Regulation n. 679/2016 (General Data Protection Regulation, henceforth called for brevity "GDPR"), that your personal data will be processed by subjects specifically authorized to and limited to the purposes and with the means specified hereafter, with reference to the functionality of the website www.labelado.com.
Object and purposes of the processing
The Controller informs you that it will process your personal data, and specifically:
(i) Your identifying personal common data - such as name and surname, address, tax code, telephone/fax number/email;
(ii) Your accounting, tax, credit card and banking data;
(iii) Your identifying IP addresses and/or domain names,
in accordance with the purposes and means, as defined and specified here below.
The website users’ personal data, as described above, will be subject to processing in the ways and in the forms prescribed by the GDPR for the carrying out of specific functionalities of the website http://www.labelado.com, with particular and specific reference to:
(1) the procedures provided for data collection, concerning the registration and login filling form to the reserved area of the website "Register a new user", functional to the purchase of products and services offered by the Controller, on Registration page;
(2) the procedures provided for data collection, concerning the subscribe filling form to the newsletter of the Controller, in the specific section "Subscribe to newsletter";
(3) the procedures provided for data collection, concerning the product samples sending request filling form, in the specific section "Request a sample";
(4) the procedures provided for data collection, concerning the products and services information request filling form, in the specific section "Information Request".
In particular, the personal data provided by yourself, as data subject, to the Controller, will be processed for the pursuit of the following purposes:
a) To allow the registration to the reserved area of the website, in order to be able to take advantage of the services reserved to registered users, “Fidelity Coins” service included, and with specific reference to the possibility of making online purchases through the e-commerce website http://www.labelado.com;
b) To allow the sending of product samples on specific request, in particular through the section "Request a sample", and then to allow the possible conclusion of a contract for the purchase of products and services offered by the Controller on the website and to allow the correct execution of all the operations connected to it, including the after-sale assistance activities;
c) In response to the specific requests from to the user/data subject to the Controller through the website and its instruments of communication, in particular through the section "Information Request" finalized to the vehiculation of requests for any kind of information relating to the products and services offered by the Controller on the of e-commerce website http://www.labelado.com;
d) For the purposes of direct and/or indirect marketing, especially through the section "Subscribe to newsletter", to allow sending newsletters, information about products, discount vouchers, activities and services, commercial and promotional initiatives from the Controller and from the commercial network belonging to the company itself or of third parties, signalling advertising events, and the promotion of them through letters, telephone, advertising material, communication systems, Internet; to provide statistical surveys aimed at the needs of monitoring the progress of business relations with customers, market research or measurements of the degree of satisfaction on the quality of the services rendered by the company and the activity carried out by means of personal interviews or phone calls, questionnaires;
e) For internal administrative-accounting purposes, as well as to fulfill any obligations of the national and/or European law and/or regulation;
f) To allow the administrative management of contracts, orders, deliveries and invoices;
g) To allow the management of disputes - breach of contract; caveats; transactions; recovery; arbitration; disputes and litigation;
h) To allow the exercise of the internal audit services of security, productivity, quality of services, the integrity of the assets.
This Privacy Information is effective only with reference to the above mentioned website http://www.labelado.com, but not with reference to other and different websites, accessible through links present therein, of which the Controller is not in any way the holder.
Lawfulness of processing
Apart from what is specified above for navigation data, the communication from the data subject to the Controller of the personal data, as above described, has as prerequisites for lawfulness of processing, the following legal bases:
- Art. 6, para. 1, letters (b) and (c) of GDPR, concerning the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject to entering into contact and the compliance with a legal obligation to which the Controller is subject, for the purposes referred to in points a), b), c), e), f) g), h).
- Art. 6, para. 1, letter (a) of GDPR, concerning the data subject freely given, specific, informed and unambiguous consent, withdrawn at any time, for the purposes referred to in point d).
The processing of your personal data is therefore necessary for the integral fulfilment of the purposes referred to in points a), b), c), e), f), g), h), and consequently your refusal to provide the above mentioned data may result in the failure to carry out all the functions and services of the website http://www.labelado.com.
Instead, the processing of your personal data is merely optional with regard to the completion of commercial activities and direct and/or indirect marketing referred to in point d), and therefore the possible lack of consent does not prevent the fulfilment of the other purposes as above indicated. In any case, the consent from you possibly loaned, may be from you withdrawned at any time, with the immediate effect of intermitting the connected activities and business services, without affecting the lawfulness of processing based on consent before its withdrawal.
Method of processing
The processing of the personal data communicated by yourself to the Controller is realized by means of the operations indicated in art. 4, n. 2) of the GDPR, and precisely: "collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
The above described personal data are subjected to automated processing for the time strictly necessary to achieve the purposes for which they have been collected, with technical and organizational measures adopted to prevent the loss of data, incorrect criminal use and/or unauthorized access, and such, therefore, to ensure a level of security appropriate to the risk within the meaning of art. 32 of GDPR, by subjects specifically authorized, in compliance with the provisions of art. 29 of GDPR, i.e. employees and/or collaborators of the Controller as authorized subjects and/or system administrators, which can carry out operations of consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of the law necessary to ensure, inter alia, the confidentiality and security of data as well as the accuracy, updating and relevance of the data in relation to the purposes and methods declared.
It should be noted, in particular, that the above mentioned personal data will be processed only under the controller’s approval, except as specified below, it will be not, therefore, disseminated and, within the meaning of art. 13, paragraph 1, lett. (e), it will be processed only by authorized persons and/or any processor (in person of individual professionals and/or complex professional associations), and/or by entities that operate as autonomous controllers, the list of which is available from the Controller and is supplied after the written request from the data subject, among which ranks, explicitly, the hosting company and/or by technical personnel in charge of the management and/or maintenance of the website, but only and exclusively for the purposes above expressly and specifically indicated.
Dissemination of the data
In relation to the above mentioned purposes, the provided personal data will or may be communicated to the following subjects and/or categories of subjects listed below, or will or may be communicated to companies and/or to persons, providing services, also external, on behalf of the Controller.
First of all, it should be noted that, together with the order you will place, your personal data will be transmitted to the printers with which the Controller currently runs a commercial contractual partnership, having as its object the production of the product you have purchased via the website http://www.labelado.com.
Furthermore, your personal data may be transmitted to the following subjects or categories of subjects - for the sake of greater clarity, but not limited to: professionals and consultants, also as professional firms; subjects the company relies on for the acquisition of commercial information related to contractual or precontractual requirements; companies, external subjects, banks and credit institutions, financial intermediaries not banking, insurance professionals in respect of the standard limits; individuals who perform control activities, review and certification of activities carried out by the company, possibly also in the customers’ interest; subjects that provide computer and telematic services for the management of the computer system used by the Controller and of the telecommunications networks (including the email management and websites and Internet sites - hosting - services cloud storage); the competent authorities and/or supervisory bodies for the performance of the obligations of law; lawfirms for the protection of the contractual rights; individuals who perform fulfilments of control, audit and certification of activities carried out by the Controller; fiscal consultancy companies or consultants; labor consultants; market analysis companies, marketing and advertising consulting.
This Website may share some of the data collected with IT services localized outside of Italy and of the European Union area. In particular with Google, Facebook and Microsoft also through social plugin and the service of Google Analytics. The transfer of personal data outside the EU area is authorized on the basis of specific decisions of the European Union Commision and of the Supervisory Authority for the protection of personal data; in particular, please refer to the Commission Implementing Decision (EU) 1250/2016, so that we do not need further consent, unless subsequent amendments (i.e. “Privacy Shield”: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/6109035).In any case, in the hypothesis that a personal data transfer off EU area would be necessary, the Controller, as for now, ensures, that the data transfer will be in accordance with all the provisions of applicable law, and in particular in accordance with Articles 44 - 45 - 46 - 47 - 48 and 49 of GDPR.
Retention period od data
We draw your attention to the fact that, in compliance with the principles of lawfulness of processing, purpose limitation and data conservation and minimization, within the meaning of Art. 5 of GDPR, the retention period of your personal data is established for a period not greater than the achievement of the purposes for which they were collected and processed, i.e. for the entire duration of the fulfilment of the above mentioned purposes, and therefore, exhausted the processing finality, your data will be erased from any physical and logical support.
The Controller reserves the possibility to store your personal data for a maximum period of 10 (ten) years after the date of your purchase on the website http://www.labelado.com, corresponding to the contractual limitation term, but in the latter case only and exclusively for the eventual fulfilment of law and/or administrative obligations, or for defense purposes in judgment and/or in order to assert a right in a judicial/out-of-court lawsuit.
At the end of this retention period, your personal data will be erased from any Data Base, computer application and archive, and thus from any physical and logical support.
The automated individual decision-making processes and automated profiling
The Controller informs you that:
(i) for the purposes of the personal data processing, does not avail itself of the decision-making automated processes, i.e. those directed to take decisions based solely on technological means on the basis of predetermined criteria (i.e. without the human involvement);
(ii) Under a specific consent on Art. 22, para. 2, letter (c) of GDPR on the use of first and third party profiling cookies, and under a specific consent on Art. 22, para. 2, letter (c) of GDPR, provided by yourself in order to register to the reserved area of the website, on the page /accounts/register/, and/or provided by yourself in order to submit a sending request for a product sample, will process your personal data, limited to the navigation data, as well as to certain common personal data provided before the registration to the website reserved area (i.e.: tax code, telephone number, Zip code, email address), in order to carry out profiling activities with automated means aimed to provide a more personalised service. These activities may consist specifically:
- In monitoring and tracking of user behavior (patterns) through the collection and recording of navigation data (es: visited pages, displayed product categories, if you have or not purchased a product, abandoned baskets, access device) and data purchase (e.g.: type of product purchased, frequency of purchases, amounts spent, payment);
- In the analysis and processing of navigation data, where provided, together with the common data communicated by the user before the registration to the website as mentioned above, in
Information on the processing of personal data order to display banners with personalized offers to the user, as well as in order to identify and offer, as a result of the user registration on the website, products considered to be of greater potential interest for the user itself.
The profiling activity carried out by the Controller is exclusively aimed to provide the user with customized products and services and, then, a better and more complete use experience of the website http://www.labelado.com, and does not produce legal effects affecting significantly on the person.
Rights of data subject
Right of access ex art. 15 of the GDPR and Right to rectification ex art. 16 of the GDPR
As the data subject, within the meaning of Art. 15 of the GDPR, you have the right to obtain from the Controller the confirmation of the existence or not of a personal data processing concerning yourself, to obtain access to them and to all the information referred to in Article 15, paragraph 1, letters (a) to (h), by release of the copy of the processed data in structured, of common use, readable by automatic device and interoperable format.
Pursuant to Art. 16 of the GDPR, you also have the right to obtain from the Controller the rectification and/or integration of the processed data, if they are not accurate and/or updated and/or incorrect and/or incomplete.
Right to erasure ex art. 17 of the GDPR and Right to restriction of processing ex art. 18 of the GDPR
As the data subject, you have the right to obtain, without undue delay, from the Controller, exclusively in the cases referred to in Art. 17, paragraph 1, letters (a) to (f), of the GDPR, the erasure of the data concerning yourself - with the exception of specific cases provided for by Art. 17, paragraph 3.
As the data subject, within the meaning of Art. 18, paragraph 1, letters (a) to (d) of the GDPR, you have the right to request and obtain from the Controller the restriction of processing of your personal data, i.e. that such data are not subjected to additional processing and can no longer be modified. The Controller ensures, as for now, that the restriction of processing will be carried out by technical devices adapted to ensure their inaccessibility and immutability.
The Right to data portability ex art. 20 of the GDPR
As the data subject, you have the right to receive, within the meaning of Art. 20 of the GDPR, from the Controller, the personal data concerning yourself, whose processing is performed by automated means, in a structured, commonly used and machine-readable format, and you also have the right to transmit such data to another controller, i.e. to obtain from the Controller, where technically feasible, the direct transmission of such data to another controller specifically identified.
Right to object ex art. 21 of the GDPR
You have the right to object in any moment to the processing of personal data concerning yourself, for reasons related to your particular situation, in cases where the processing of your personal data is necessary (1) for the execution of a task in the public interest and/or connected to the exercise of public powers which is invested the Controller; (2) for the pursuit of a legitimate interest of the Controller or of a third party; (3) for profiling activities performed by the Controller on the basis of the preceding points.
You also have the right to object to the processing of your personal data for reasons related to your particular situation, where the personal data are processed for scientific or historical research or for statistical purposes, in accordance with Article 89, paragraph 1. of the GDPR, except when the processing is necessary for the execution of a public interest task.
How to exercise the rights
You may exercise the rights as listed above by request to be sent to the following email address firstname.lastname@example.org or by registered letter with return receipt to the following address "LABELADO s.r.l., with registered office at Via Cerrato n. 1, 12051 Alba (CN)", to the attention of Mrs. Federica Artuffo, as internal referent with regard to users privacy and personal data protection.
The Controller will confirm receipt of your request and will give you the information relating to the action taken with reference to the exercise of your rights provided for in Articles 15 to 22 of the GDPR, within one (1) month after receipt of the request. If necessary, and taking into account the complexity and the number of requests, the Controller may extend this period of two (2) months after communication motivated by transmitting within one (1) month after receipt of the request.
The Controller will communicate any rectification, cancellation, limitation, opposition to all recipients, as identified by the art. 4, paragraph 1, n. 9 of the GDPR, to which such data have been transmitted, unless this proves impossible or involves a disproportionate effort.
Following the sending of your request for correction, cancellation, opposition, limitation, if the Controller has reasonable doubts about your identity will ask you more information to confirm it. These notifications will be sent via email from the following address email@example.com and they will be processed by person specifically authorized for this purpose.
If the Controller does not comply with the request within a period of one (1) month after receipt of the request, it will inform you about the reasons for the non-compliance and about your faculty to lodge a complaint with a Supervisory Authority (i.e. the Italian “Autorità Garante per la protezione dei dati personali”), as specified pursuant to Art. 13, paragraph 2, letter (d), and governed by Articles 77 ff. of the GDPR.