Privacy policy

PRIVACY POLICY

General Information

Pursuant to the legislation applicable to protection of personal data (hereinafter “Privacy Legislation”), including EU Regulation 2016/679 (hereinafter “GDPR”), Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (hereinafter “Privacy Code”), ALCA S.r.l. unipersonale (hereinafter “Data Controller”), as data controller, provides users (hereinafter “Users” or “User”) of the website www.carmenbellvis.com (hereinafter “Website”), that will process their personal data collected through the Website itself in the modalities and for the purposes described in this privacy notice.

The User, by browsing the Website, acknowledges that he/she has read and understood the contents of this notice.

 

1. Data Controller

The data controller of personal data collected by this Website is ALCA S.r.l.s. unipersonale, with registered office in Italy, Milan (MI) – Via Livenza 7, C.F., VAT no. 12770240963 (hereinafter “Data Controller”).

The Data Controller can be contacted by email at the following address: info@carmenbellvis.com.

 

 

2. Types of personal data processed through the Website

Through the interaction with the Website the Data Controller processes the following Users’ data:

  • Data collected during the Website navigation:

Navigation data that informatic systems automatically collect during the use of the Website, such as IP address, URI (Uniform Resource Identifier), identification codes, as well as details on the requests sent by the User terminal to the Website’s server, which enable the navigation.

The navigation data can also be used to fill in anonymous statistics which support a better understanding of how the Website works and can improve its structure.

It is understood that navigation data could possibly be used for the investigation about illegal activities as in the case of cyber-crimes aimed to damage the Website.

  • Data provided by the User:

This is data voluntarily provided by data subject such as, but not limited to:

(a) identifying data: name, surname, tax code etc.;

(b) contact data: cell phone, e-mail, address;

(c) payment data: iban, credit card number etc.

 

3. Purposes of the processing and legal basis

Data Controller informs the User that personal data are processed for the following purposes.

  • Performing the adequate maintenance and technical assistance to guarantee the proper functioning of the Website and of the related services in order to improve quality and structure of the Website or to develop new content.

The legal basis for the processing can be found in the legitimate interest of the Controller to keeping and updating the Website functionalities pursuant to Article 6 (1) (f) of GDPR.

  • Manage the ecommerce service, i.e. the purchase and delivery of products. Data Controller use your personal data to receive and process orders, provide products and/or services, enable processing of related payments, and provide you with communications regarding orders, products, and related offers.

 The legal basis for the processing can be found in the performance of the contract to which the data subject is a party pursuant to Article 6 (1) (b) of GDPR.

  • Management of administrative, accounting and legal issues related to the provision of eCommerce service.

The legal basis for the processing can be found in the performance of the contract to which the data subject is a party pursuant to Article 6 (1) (b) of GDPR and for compliance with a legal obligation to which the Data Controller is subject pursuant to Article 6 (1) (c) of GDPR.

  • Customer service management.

The legal basis for the processing can be found in the performance of the contract to which the data subject is a party pursuant to Article 6 (1) (b) of GDPR.

  • Manage the newsletter service to allow the User, following the completion of the related registration form, to receive e-mail communications of an informative and informative nature on the activities, products and services of the Controller, as well as any invitations to events and/or initiatives organized by the Controller.

The legal basis for the processing can be found in the performance of the contract to which the data subject is a party pursuant to Article 6 (1) (b) of GDPR.

If the User, in the future, wish to stop receiving any communications send by the Data Controller with informative and informational purposes he/she can unsubscribe from the newsletter, by selecting "unsubscribe" link, at the bottom of the email communications.

 

5. Provision of personal data

The provision of the personal data implicitly provided by the User occurs automatically by browsing the Website. Therefore, if the User does not intend to provide any personal data by browsing the Website, please do not visit this Website, do not otherwise use this Website, do not send any request or communication through the Website, or do not provide your consent when such option is offered to you pursuant to the Privacy Legislation.

The provision of the personal data directly provided by the User is optional. However, failure to provide such personal data may result in the User being unable to make purchases on the Website.

The provision of the personal data directly provided by the User in order to receive the newsletters is necessary to finalize the subscription to, and take advantage of, the newsletter service or the mailing list of the specific industries. However, failure to provide such personal data, in whole or in part, could lead to the impossibility for the User to receive the newsletter.

 

6. Methods of processing

The Data Controller, through the Website, performs the following operations related to the processing of personal data: collection, use and processing, storage, consultation, transmission and erasure.

Personal data are processed with automated tools, following logical procedures that are strictly related to the purposes, and to the period strictly necessary to achieve purposes for which data had been collected.

Information gathered/collected is registered in an environment which ensures its integrity and physical and logical security as well.

7. Transfer of personal data

Personal data is processed under the authority of Data Controller only by specifically authorized subjects. Personal data could also be processed by third parties, providers of external services (i.e. for technical assistance, cloud services) in accordance with the Privacy Policy and instructions from the Data Controller.

The Controller may also transfer the User’s data to supervisory or monitoring bodies, to Judicial Authorities, as well as to all other subjects to which the communication is required by law or for the fulfilment of purposes mentioned in point 5, as autonomous data controllers.

Users’ data is not disseminated to the public or to undefined subjects.

The potential transfer of the User’s personal data in non-EU countries could occur only following terms and guarantees provided by the Privacy Legislation.

 

8. Data retention period

The personal data collected for the Purposes referred to in Section 3 (i) will be processed and retained for the duration of browsing and, when the browser is closed, in any case, no longer than 24 months after their collection.

The personal data collected for the Purposes referred to in Section 3 (ii), (iii), (iv), (v) will be stored only for as long as is strictly necessary to achieve the purposes for which they were collected and, in any case, no longer than 10 years after their collection.

At the end of the retention periods, the personal data will be erased, unless there are further legitimate interests of the Data Controller and/or further legal obligations that make it necessary, after minimization, to retain them.

 

9. Data subjects’ right

The User, as data subject, in accordance with the law, will always have the right to to exercise, at any time, the following rights:

  • “right of access” i.e. the right to obtain confirmation as to whether or not personal data concerning the User are being processed and the communication of such data in an intelligible form;

  • “right to rectification” i.e. the right to request the rectification or, if interested, the integration of personal data;

  • “right to erasure” i.e. the right to request the erasure or the anonymization of personal data that have been processed unlawfully, including data whose storage is unnecessary for the Purposes for which they were collected or further processed;

  • “right to restriction of processing” i.e. the right to obtain from the Data Controller the limitation of the processing in certain cases provided for under the Privacy Legislation;

  • right to request the Data Controller to indicate the recipients to whom it has notified any rectification or erasure or restriction of processing (carried out in accordance with Articles 16, 17 and 18 GDPR, in fulfilment of the notification obligation unless this proves impossible or involves disproportionate effort);

  • “right to data portability” i.e. the right to receive (or transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;

  • “right to object”, i.e. the right to object, in whole or in part:

(a) the processing of personal data carried out by the Data Controller for its own legitimate interest;

(b) the processing of personal data carried out by the Data Controller for direct marketing or profiling purposes.

Furthermore, the User is entitled to object to a processing performed by the Controller due to his legitimate interest, to the recurrence of particular situations concerning him, as well as to withdraw, at any time, his consent (if given).

In the cases provided by the Privacy Legislation, the User is also entitled to obtain the restriction of the processing of his personal data, as well as to request the erasure or the anonymization of such data.

In the above cases, where necessary, the Data Controller will inform the third parties to whom the User‘s personal data have been disclosed of the his/her exercise of rights, unless it is not possible or is too onerous and, in any case, in accordance with the provisions of the Privacy Legislation.

The User is entitled to exercise his/her rights at any time in the following manner:

  1. by e-mail, to the address: info@carmenbellvis.com;

  2. by sending a letter to the address of the registered office of ALCA S.r.l. unipersonale: Via Livenza 7, 20135, Milan.

The Data Controller hereby informs the User that, pursuant to the Privacy Legislation, he/she has the right to lodge a complaint with the competent supervisory authority (in particular in the Member State of User’s habitual residence, place of work or place of the alleged breach), if he/she is of the opinion that his/her personal data are being processed in a way that would lead to breaches of the GDPR.

 

10. Changes to the policy statement

The possible introduction of new sector regulations and the constant examination and updating of the services offered, could entail the need to vary the methods of processing personal data. It is therefore possible that this information may change over time.

Data Controller therefore invites you to periodically consult this page by viewing the information revision date. The new amended or corrected information will apply from the revision date.