PRIVACY POLICY
In compliance with Article 13 of the GDPR (EU Regulation 2016/679), in accordance with the principle of transparency, the following information is provided to inform users of the characteristics and methods of processing the personal data of users of the duetoscani.com website.
Who processes your personal data?
The Data Controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. It also handles security aspects.
a) Identity and contact details
The “Data Controller” for this website is Hircus Filati di Federico Scatizzi (hereinafter “Due Toscani”). The contact details are as follows:
Legal representative: Federico Scatizzi
Registered office: Via Battista Tettamanti, 19, 59100 Prato (PO)
The following contact details are provided: Telephone: +39 366 1436185; Email address: [email protected]
Certified email address (PEC): [email protected]
Please note that the organization has not deemed it necessary to appoint a Data Protection Officer, pursuant to Article 37 of the GDPR.
What data do we process about you and how do we collect it?
• Cookies and browsing data.
We collect your personal data when you access the duetoscani.com website during navigation. In this case, the system automatically collects a series of information (logs) that identify:
• IP address;
• the referring page;
• the referring page; • the type of browser and operating system used by the user;
• domain names of the computers used by users connecting to the site;
• URI (uniform resource identifier) addresses of the requested resources;
• time of the request;
• method used to submit the request to the server;
• size of the file obtained in response;
• numerical code indicating the status of the response from the server (successful, error, etc.);
• other parameters relating to the user’s operating system and IT environment.
This information is processed automatically and collected exclusively in aggregate form to verify the correct functioning of the site and for security reasons. This information will be processed based on the legitimate interests of the data controller.
For security purposes (spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with applicable laws, to block attempts to damage the site or other users, or otherwise engage in harmful or criminal activities. This data is never used to identify or profile users, but only to protect the site and its users. This information will be processed based on the data controller’s legitimate interests. This data is not intended for disclosure to third parties (except upon requests, in accordance with the law, by public authorities, including the police, judicial authorities, and other entities for public security purposes), nor is it intended for dissemination.
Session cookies may be used for the proper functioning of the site. Information on Hircus Filati’s Cookie Policy can be found further down on this page:
• Data provided when registering for an account on the duetoscani.com website, for requesting information about services.
The optional, explicit, and voluntary submission of your data through the registration form to request information on services provided through the Due Toscani brand entails the acquisition of the aforementioned data by Hircus Filati. This data is considered voluntarily provided with express acceptance of this privacy policy, simply by completing the registration process. The data received upon account registration will be used exclusively for sending the catalog and subscribing to a non-commercial newsletter.
For what purposes may we process your personal data?
• Browsing data.
Regarding the methods of processing data collected by the site during its operation, please refer to the Cookie Policy.
• Data voluntarily provided by the user.
The optional, explicit, and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, solely for the purpose of responding to the requests contained in the communication.
• Data provided when requesting to subscribe to the newsletter.
They are used only for the purposes related to the newsletter.
How do we protect your personal data?
Hircus Filati is a company that takes the security of its users’ data very seriously and seeks to improve solutions to prevent data loss, illegitimate or unlawful use, and unauthorized access.
Where do we process your personal data? The personal data processed by Hircus Filati is processed exclusively within the EU and is not transferred to third countries.
How long is your data retained? The data collected is used exclusively for the purposes indicated above and retained for the time strictly necessary to process your request and, in any case, for registration data, until the user requests deletion. For data relating to the performance of any contracts, in any case outside the dynamics of this website, the retention period is 10 years as per the Italian Civil Code.
To whom can we disclose the data? The data collected is not intended for communication to third parties or dissemination, without prejudice to any request from public authorities, including the police, judicial authorities, and other entities for public security purposes. What are your data protection rights? With regard to the processing of your personal data, you may exercise the following rights:
1. Right of access to your personal data (Article 15 of the GDPR):
this is the right to obtain information from the Data Controller at any time about the data held by the Data Controller, including the methods of collection, purposes, recipients, etc.;
2. Right to obtain rectification or erasure of data (Article 16 of the GDPR):
this is your right to request the Data Controller to rectify your data, so that it is kept up-to-date, relevant, correct, and complete.
3. Right to restriction of processing (Article 18 of the GDPR):
this is exercised in specific cases expressly provided for by the GDPR, when processing must be limited to what is necessary for the purposes of storage and not to further operations:
a) if the data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the data;
b) in the event of unlawful processing, when the data subject opposes the erasure of personal data, requesting that, instead of erasure, their use be limited; c) when the data controller no longer needs or intends to retain the data, but there is a need to retain it because it is “necessary for the data subject to ascertain, exercise, or defend legal claims”;
d) in the event of objection to processing, pending the verifications necessary to determine whether the legitimate grounds of the data controller or the data subject’s rights prevail;
4. Right to erasure (Article 17 of the GDPR):
the right to request the anonymization or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed.
5. Right to object to processing (Article 21 of the GDPR):
Everyone has the right to object to data processing if it is necessary for the performance of a task carried out in the public interest, for scientific, historical, or statistical research purposes, or in the exercise of official authority vested in the data controller, or if the processing is necessary for the pursuit of the legitimate interests pursued by the data controller or by a third party, even if such processing involves profiling, for reasons relating to their particular situation. In the case of data processed for direct marketing purposes, including profiling related thereto, the data subject may object at any time. 6. Right to data portability (this right applies only to data in electronic format), as regulated by Article 20 of the GDPR, meaning the right to receive the personal data concerning them from a data controller in a structured, machine-readable format and to transmit it to another data controller.
How can you exercise your rights?
Hircus Filati strives to provide maximum assistance to users of the website www.cashmere-madeinitaly.com, providing a dedicated contact point: [email protected], to facilitate and expedite the processing of any requests relating to personal data, as well as the exercise of the rights listed above. Responses are provided as quickly as possible, and in any case within 30 days, as required by the GDPR. In any case, the exercise of these rights can be exercised by filing a complaint with the supervisory authority (Italian Data Protection Authority).
For further information and details, please visit www.garanteprivacy.it.