Privacy policy
Privacy Policy
INFORMATION ABOUT PERSONAL DATA PROCESSING
of users who consult the PPM Srl website pursuant to Article 13 of Regulation (EU) 2016/679
In accordance with the Regulation (EU) 2016/679 GDPR (the "Regulations"), this page describes how users’ personal data who consult website of PPM Srl from the address: https://caramellina.com/
This information is also formulated in accordance of Recommendation no. 2/2001, adopted by Article 29 Working Group on 17 May 2001, in order to identify some minimum requirements for the collection of personal data online, and, in particular, the method, timing and nature of the information that the Data Controller must provide to users when they connect to web pages, regardless of the connection purpose.
This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the site.
DATA CONTROLLER
This website collects some personal data from users.
Data Controller is PPM Srl, based in Viale Andrea Doria, 39 20124 Milano, telephone +39 02 6601 0176, e-mail info@caramellina.com
LOCATION
Data are processed at the Data Controller headquarter. The users’ Personal Data may be transferred to the country in which users are located.
LEGAL BASIS
Personal data indicated on this page are processed to pursue a legitimate interest of the data controller to guarantee the regular functioning of the web services and to obtain statistical information about visits and about the use of services themselves (Article 6, par .1 , letter f) of the Regulation); as necessary for the execution of a contract or in order to take steps at the request of the data subject prior entering to a contract (Article 6, paragraph 1, letter b) of the Regulation) with the purpose to respond to requests received by the contact addresses and with the purpose to manage the online shop and users’ account; to fulfill legal obligations (Article 6, paragraph 1, letter c) of the Regulation); with the data subject’s consent (Article par.1, letter a) of the Regulation) for direct marketing purposes (installation and use of cookies and other tracking systems).
TYPES OF DATA PROCESSED AND PURPOSE OF THE PROCESSING
Navigation data
The computer systems and software procedures used to operate this site acquire, during their normal operations, some personal data and information whose transmission is implicit in the use of Internet communication protocols, based on the TCP / IP protocol. The information and personal data are not collected to be associated with identified subjects, but by their very nature they could allow the identification of the user. This category of data includes IP addresses, computer domain names (hostnames) used by users, URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, the method used, the size of the file obtained, in response to a request sent to the server, the numerical code indicating the status of the response given by the server (successful, error, etc.), some information regarding the geolocation of the request and the fingerprint of the users’ computer environment.
These data are necessary for the functioning of web services, as they are necessary to submit requests to servers. They are also processed for obtaining statistical information about the use of services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.); checking the correct functioning of the services.
The data and information listed above could be used to ascertain responsibility in case of hypothetical crimes against the site, and for the same reason retained by ISP (Internet Service Provider) and by the web hosting service provider (provider of the physical space in which the web server is located).
Data communicated by the users - "Contacts"
Through the "Contacts" section it is possible for users to send us requests of information about our products provided by the online shop, simply writing an e-mail to the address indicated. This procedure involves the acquisition of some contact details of the sender such as the sender's e-mail address and the content of the message itself.
The processing in question does not require the consent because it is necessary for the execution of a contract or in order to take steps at the request of the data subject prior entering to a contract to respond and follow up on requests received; therefore the provision of data is to be considered necessary for the completion of the request: the failure to provide them would make it impossible to follow up and respond to requests.
Sending messages via the e-mail address indicated and filling out the form does not involve the automatic subscription to a mailing list with a promotional or commercial purpose.
Online shop
Personal data acquired at the time of the registration to the shop are processed in order to manage the e-commerce services, as they are necessary for the execution of a contract with the data subject. In particular, they will be processed in order to allow registration on the site, to create and to delete the user account, to acquire and to process orders, to manage shipments and complaints, to fullfill the payment proceess, to send notifications by e-mail on the order and shipment status, to fulfill legal obligations, for example the legislation on electronic commerce and the legislation relating to consumer protection "Consumer Code", relating for example to the management of returns and to the summary communications of the order placed.
The processing in question does not require the acquisition of consent since it is necessary for the execution of a contract of which the interested party is a party and for the fulfillment of legal obligations, therefore the provision of data is to be considered necessary for the management and provision of the online shop service: failure to provide them would make it impossible to provide the online sales services.
E-mail marketing
E-mail address may be used in order to send advertising about our products, with the purpose to keep our customers informed with promotional campaign. To do that we have to acquire consent, that users can express by fulfil the checkbox after the conclusion of the order. The consent can be withdraw at any time, without affecting the lawfulness of processing based on consent before its withdrawal. In order to sent personalize advertising, the e-mail message is targeted on the customer’s shopping preferences.
Users can cancel their address from the mailing list by clicking on the link at the bottom of every message.
DATA RECIPIENTS
The navigation data (log-file) are stored by the ISP (Internet Service Provider) and by the web host service provider.
For the management of the online shop and for e-mail marketing PPM Srl, as Data Controller, makes use of internal subjects and it can be communicated, limited to the name and the delivery address, to couriers and shippers.
The e-mail addresses stored to perform e-mail marketing campaign is retained until the users’ opt-out.
The data acquired by the site are communicated to servers located in Canada, a country declared suitable for the GDPR legislation by the European Commission.
The data acquired by the cookies are shared with Google and Facebook, which store them on servers located in countries within the European Union (Ireland and the Netherlands). However, some cookies may be transmitted to servers of suppliers located in the United States; in this case the suppliers implement Standars Contractual Clauses compliant with the European Commission provisions.
DATA RETAIN
The navigation data (log files, traffic data) are retained for the period required by current legislation, ranging from 12 to 24 months for the purposes of ascertaining and prosecuting crimes.
The data processed for the purposes of managing reports, requests for information, complaints and for the online shop management are retained until the user unsubscribes, the time necessary for the execution of the contract; some data may be stored for a further time, not exceeding the ordinary times of prescription provided by the law, in order to assure a right of the owner in the event of litigation.
The e-mail addresses stored to perform e-mail marketing campaign is retained until the users’ opt-out.
The contact data processed for the purposes of marketing and sending newsletters and promotional material are kept until the expression of the opt-out by the user.
Data contained in bills or receipt are stored according to the times provided by the tax legislation.
RIGHTS OF DATA SUBJECT AND RIGHT OF COMPLAINT
Data subjects have the right to obtain from the Data Controller, in cases provided for, access to their personal data and the correction or erasure of the same or the limitation of the processing that concerns them or to oppose the processing, in addition to the right to data portability (Articles from 15 to 22 GDPR); furthermore, the data subjects have the right to obtain information and / or specific clarifications about the origin of personal data, the purposes and methods of the processing and the logic applied in case of treatment carried out with the aid of electronic tools.
Data subjects who believe that the processing of personal data is carried out in violation of the provisions of the GDPR have the right to lodge a complaint with a supervisory authority, as required by art. 77 of the Regulation itself, or to take appropriate judicial offices (Article 79 of the Regulation).
Requests relating to the aforementioned articles can be sent to the Data Controller using the contacts indicated at the top of this information document or by filling the request personal data form at the specific website section.