Privacy and Cookie Policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA
WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter 'Regulation'), this page describes the methods of processing personal data of users of the following websites:
1. www.thesecretsofstyle.com
2. www.isegretidellostile.com
This information does not concern other sites, pages or online services that can be reached via hyperlinks possibly published on the Site but referring to external resources.
JOINT DATA CONTROLLERS
The Joint Data Controllers are:
Italian Style Network APS - Via E.Agnoletti, 8 - 50052 Certaldo (FI) - VAT 07412500485 - Tel. +39 3883281713 - Email: info@italianstylenetwork.it - Legal Representative: Federico Basili
(also referred to as 'Controllers').
PURPOSES OF PROCESSING AND LEGAL BASIS
Purpose of processing
Data are processed for the following purposes:
1. strictly connected and necessary for registration, services and/or any Apps developed or made available by the Controllers, for the use of related information services, for the management of contact or information requests, for the purchase of products and services offered through the Controllers' Sites;
2. for activities related to the management of User requests and sending feedback which may include the transmission of promotional material; for the completion of the purchase order of products and services offered, including aspects related to payment by credit card, management of shipments, any exercise of the right of withdrawal provided for distance purchases, updates on the availability of products and services temporarily unavailable;
3. related to the fulfillment of obligations provided for by EU and national regulations, to the protection of public order, to the detection and repression of crimes;
4. direct marketing, i.e. sending advertising material, direct sales, carrying out market research or commercial communication of products and/or services offered by the Controllers; this activity may also concern products and services of the Controllers and be carried out by sending advertising/information/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding users, carried out with traditional methods (for example, postal mail and/or operator calls), or by means of automated contact systems (for example, SMS, phone calls without operator intervention, e-mail, fax, interactive applications);
Legal bases
The provision of data for the purposes referred to in points 1), 2) and 3), connected to a pre-contractual and/or contractual phase or functional to a User request or provided for by a specific legal provision, is mandatory and, in the absence thereof, it will not be possible to receive information and access the services possibly requested. With regard to point 4) of this Information on the processing of personal data, the User's consent to the processing of data is instead free, optional and always revocable without consequences on the usability of products and services except for the impossibility for the Controllers to keep the User updated on new initiatives or on particular promotions or benefits that may be available.
TYPES OF DATA PROCESSED
Browsing dataThe Controllers inform you that the personal data you provide and acquired at the same time as the request for information and/or contact, registration on the Sites and use of services via smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services, including browsing data and data used for the possible purchase of products and services offered by the Controllers but also the so-called 'browsing' data of the Site by Users, will be processed in compliance with the applicable legislation.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes 'IP addresses' or domain names of computers used by users who connect to the Sites, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (success, error, etc.) and other parameters relating to the user's operating system and IT environment.
These data are used only to obtain anonymous statistical information on the use of the Site and to check its correct functioning. It should be noted that the aforementioned data could be used to ascertain responsibility in case of computer crimes against the Controllers' Site or other sites connected or linked to it: except for this possibility, at present the data on web contacts do not persist for more than a few days.
The Controllers collect, store and process personal data in order to provide the products and services offered on the Site, or for legal obligations. With regard to certain specific Services, Products, Promotions, etc., the Controllers may also process your data for commercial purposes. In such cases, specific, separate, optional and always revocable consent will be requested in the manner and at the contacts indicated.
The optional, explicit and voluntary sending of e-mails to the addresses indicated in the appropriate section of the Website, as well as the completion of questionnaires (e.g. forms), communication via chat, push notification via APP, social network, call center, etc., entails the subsequent acquisition of some of your personal data, including those collected through the use of Apps and related services, necessary to respond to requests.
We also point out that during the use of mobile devices to access digital content and services offered directly by the Controllers, or by our Partners, your data may be transferred to the operators of such devices or the connection, which are beyond our control. We also point out that you may access the Sites or connect to areas where you may be enabled to post information using blogs or notice boards, communicate with others, review products and offers, post comments or content (for example from the Controllers' page on Facebook®, LinkedIn®, YouTube®, and other social networking sites). Before interacting with such areas, we invite you to carefully read the General Terms of Use and the Privacy Policies of such social platforms, bearing in mind that, in certain circumstances, the information published may be viewed, read, collected and used by anyone with Internet access.
On the pages of the Controllers' site where data are collected (e.g. data collection forms for the provision of certain services or for participation in specific initiatives), specific information will be published and, where necessary, specific consent will be requested.
METHODS, LOGIC OF PROCESSING, RETENTION TIMES AND SECURITY MEASURES
Processing is also carried out with the aid of electronic or otherwise automated means and is carried out by the Controllers and/or by third parties whom the Controllers may use to store, manage and transmit the data. The processing of data will be carried out with organizational and processing logics of your personal data, also relating to logs originated from access and use of the services made available via web, of the products and services used related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data. The personal data processed will be kept for the time necessary to achieve the purposes indicated or as provided for by the applicable regulations (e.g. tax).
Also with regard to data security, in the sections of the Website set up for particular services, where personal data are requested from the browsing User, the data are encrypted using a security technology called Secure Sockets Layer, abbreviated as SSL. SSL technology encodes information before it is exchanged over the Internet between the User's computer and the Controllers' central systems, making it incomprehensible to unauthorized persons and thus ensuring the confidentiality of the information transmitted; in addition, transactions carried out using electronic payment instruments are carried out using the platform of the Payment Service Provider (PSP) and the Controllers retain only the minimum set of information necessary to manage any disputes. Specifically regarding the protection of personal data, the User is invited, pursuant to art. 33 of the GDPR, to report to the Controllers any circumstances or events from which a potential personal data breach may arise in order to allow an immediate assessment and the adoption of any actions aimed at countering such an event by sending a communication to the Controllers at the contacts indicated. The measures adopted by the Controllers do not exempt the User from paying the necessary attention to the use, where required, of passwords/PINs of adequate complexity, which must be updated periodically, especially if the User fears they have been violated/known by third parties, as well as to keep them carefully and make them inaccessible to third parties, in order to avoid improper and unauthorized use.
Currently the Controllers use the Server Aruba Business service, of the company Aruba Spa, based in Arezzo (Italy).
AREAS OF COMMUNICATION AND TRANSFER OF DATA.
For the pursuit of the purposes indicated above, the Controllers may communicate and have processed, in Italy and abroad, the personal data of users to third parties with whom we have relationships, where these third parties provide services at our request. We will provide these third parties only with the information necessary to perform the requested services, taking all measures to protect your personal data.
Data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship. In this case, the recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by the Controllers. In the case of services offered directly by Partners, we will provide only the data strictly necessary for their performance. In any case, only the data necessary for the achievement of the intended purposes will be communicated and, where required, the guarantees applicable to data transfers to third countries will be applied.
We may also disclose personal data to our commercial service providers, for marketing reasons, for this purpose appointed as external data processors. In addition, personal data may be communicated to the competent public authorities for the fulfillment of regulatory obligations or for the detection of responsibility in case of computer crimes against the Site, as well as communicated to, or allocated at, third parties (as data processors or, in the case of providers of electronic communication services, as independent controllers), who provide IT and telematic services (e.g.: hosting services, website management and development) and whom the Controllers use for the performance of tasks and activities of a technical and organizational nature instrumental to the operation of the Website.
The subjects belonging to the categories listed above operate as separate Data Controllers or as Data Processors appointed by the Controllers.
Personal data may also be known by employees/consultants of the Controllers who are specifically trained and appointed as Authorized Subjects for processing.
The categories of recipients to whom the data may be communicated are available by contacting the Controllers at the contacts indicated.
RIGHTS OF DATA SUBJECTS
You may exercise at any time the rights recognized by law, including the right to:
- access your personal data, obtaining evidence of the purposes pursued by the Controllers, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes;
- obtain without delay the rectification of inaccurate personal data concerning you;
- obtain, in the cases provided for, the erasure of your data;
- obtain the restriction of processing or object to it, where possible;
- request the portability of the data you have provided to the Controllers, i.e. to receive them in a structured, commonly used and machine-readable format, also to transmit such data to another controller, within the limits and under the conditions provided for by art. 20 of the GDPR;
In addition, you may lodge a complaint with the Data Protection Authority pursuant to art. 77 of the GDPR.
For the processing referred to in point 4) of the purposes, the User may always withdraw consent and exercise the right to object to direct marketing (in both traditional and automated forms). The objection, in the absence of contrary indication, will refer to both traditional and automated communications.
The above rights may be exercised upon request of the Data Subject using the contacts of the Controllers.
RIGHT TO COMPLAIN
Data subjects who believe that the processing of personal data concerning them carried out through this Site is in violation of the provisions of the Regulation have the right to lodge a complaint with the Authority, as provided for by art. 77 of the Regulation itself, or to take appropriate legal action (art. 79 of the Regulation).
COOKIES AND OTHER TRACKING SYSTEMS
WHAT ARE COOKIES
Cookies are small text strings that the sites visited by the User send to his terminal (usually to the browser), where they are stored to be then retransmitted to the same sites at the next visit by the same User. While browsing a site, the User may also receive cookies that are sent from sites or web servers other than the one being visited (so-called 'third parties'), on which some elements (such as images, maps, sounds, specific links to pages of other domains) present on the site being visited may reside.
Cookies, usually present in users' browsers in very large numbers and sometimes even with characteristics of wide temporal persistence, are used for different purposes: execution of computer authentication, session monitoring, storage of information on specific configurations regarding users accessing the server, etc.
TYPES OF COOKIES
TECHNICAL COOKIESTechnical cookies are those used solely for the purpose of 'carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or User to provide such service' (see art. 122, paragraph 1, of the Code). They are not used for further purposes and are normally installed directly by the Controllers or the website manager.
- browsing or session cookies, which ensure normal navigation and use of the website (allowing, for example, purchases to be made or authentication to access restricted areas);
- analytics cookies, assimilated to technical cookies when used directly by the Controllers of the site to collect information, in aggregate form, on the number of users and how they visit the site itself;
- functionality cookies, which allow the User to navigate according to a set of selected criteria (for example, language, products selected for purchase) in order to improve the service provided to the same.
For the installation of such cookies, the prior consent of users is not required, while the obligation to provide the relevant information remains ( see FAQ Garante Privacy ).
Profiling cookies are aimed at creating profiles relating to the User and are used in order to send advertising messages in line with the preferences expressed by the same in the context of web browsing.
PUBLISHERS AND THIRD PARTIESAnother element to consider, for the correct definition of the subject matter, is the subjective one. That is, it is necessary to take into account the different subject who installs cookies on the User's terminal, depending on whether it is the same manager of the site that the User is visiting (which can be briefly referred to as 'publisher') or a different site that installs cookies through the first (so-called 'third parties'). It is important to always be clear about this distinction in order to correctly identify the respective roles and responsibilities, with reference to the provision of information and the acquisition of consent from online users.
COOKIES USED BY THE CONTROLLERSThe Controllers use cookies for different purposes, in order to offer you a fast and secure digital experience, for example, allowing you to keep your connection active in the protected area while browsing through the pages of the Site. Cookies stored on your terminal cannot be used to retrieve any data from your hard drive, transmit computer viruses or identify and use your e-mail address. Each cookie is unique in relation to the browser and device you use to access the Websites or use the Controllers' App. In general, the purpose of cookies is to improve the functioning of the Site and the User's experience in using it, although cookies can be used to send advertising messages (as specified below).
List of cookies in use, retention time and privacy policy of third parties.
Google Analytics (for marketing and re-marketing): 14 months Privacy Policy
Metricool (for marketing): 14 months; Privacy Policy
Facebook (for marketing and re-marketing): 90 days; Privacy Policy
Clarity (for marketing): 12 months; Privacy Policy
Internal technical cookies: 24 months; Refer to this policy
Cookie management
The user can manage their cookie preferences through the features present in common browsers that allow you to delete/remove cookies (all or some) or to change the browser settings to block the sending of cookies or to limit it to specific sites (compared to others). Therefore, it is possible to deny the use of cookies by following the disabling procedure provided by your browser. Below are the methods proposed by the main browsers: Microsoft Windows Explorer, Mozilla Firefox, Google Chrome, Apple Safari, Google Analytics by downloading a specific browser plug-in. For information on the cookies stored on your terminal and to disable them individually, refer to the link: http://www.youronlinechoices.com/it/le-tue-scelte
Other options for managing cookies directly from the browser
Block third-party cookiesThird-party cookies are generally not essential for browsing, so you can refuse them by default, through specific functions of your browser.
Enable the Do Not Track optionThe Do Not Track option is present in most modern browsers. Websites designed to respect this option, when activated, should automatically stop collecting some of your browsing data. As mentioned, however, not all websites are set up to respect this option (discretionary).
Enable 'anonymous browsing' modeWith this function you can browse without leaving any trace of your browsing data in the browser. Sites will not remember you, the pages you visit will not be stored in the history and new cookies will be deleted. However, anonymous browsing does not guarantee anonymity on the Internet, because it only serves not to keep browsing data in the browser, while your browsing data will continue to be available to website managers and connectivity providers.
Delete cookies directlyThere are specific functions to do this in all browsers. However, remember that new cookies are downloaded every time you connect to the Internet, so the deletion operation should be performed periodically. If you wish, some browsers offer automated systems for the periodic deletion of cookies.