INFORMATION ON PRIVACY POLICY

Information pursuant to Legislative Decree no. 196/2003 "Personal Data Protection Code" and EU Regulation 2016/679 - GDPR (General Data Protection Regulation) and subsequent amendments and additions

The company SEBASTIAN S.R.L. based in Parma, via Giorgio Sidney Sonnino n. 4 - Parma (PR) VAT number, tax code and Registration in the Register of companies of Parma n. 03023910346 as "Holder" the processing, protection and confidentiality of personal data and guarantees them the necessary protection from any event that may put them at risk of breach. As required by European Union Regulation no. 679/2016 ("GDPR"), and in particular art. 13, below you provide the user ("interested") the information requested the legislation relating to the processing of personal data.

 

• LEGAL BASIS FOR PROCESSING

This site processes data based on consent. By accessing the websites managed by SEBASTIAN S.r.l., or using their content, you agree to the terms of the Online Privacy Policy SEBASTIAN S.r.l. as set out below, including any dissemination to third parties where necessary for the provision of a service. If you do not agree to these terms, please do not access the sites and do not use their content. This is an information that is also made pursuant to and in accordance with Article 13 of Legislative Decree no. 196/2003 "Code on the protection of personal data" and s.m.i, and in accordance with art.13-14 of the GDPR (General Data Protection Regulation), EU Regulation 679/2016.

The legal basis of such processing is compliance with legal obligations and the legitimate interest of the Data Controller to perform processing for the purposes of protecting the company’s assets by SEBASTIAN S.R.L.

 

• PERSONAL INFORMATION. PROCESSING PURPOSES

The term "Personal Information" means any information relating to users that identifies them personally, alone or in combination with other information.
Personal information is collected automatically by the Site or received through multiple sources: forms, chats, emails, apps, devices, social media and other media.

 

• NAVIGATION DATA

The Site collects non-sensitive navigation data by automatic means in order to enable and improve the user’s navigation (for example IP address, date/time of the visit and its duration, any reference URL, pages visited on the Site, device used and other information).
The processing of this information allows users to access the Site and fully enjoy its features and services. In addition, the navigation data can be used to verify that the Site works properly.
From time to time, navigation data is processed anonymously for statistical purposes.
Navigation data are unlikely to allow identification of the data subject. However, by their very nature, navigation data may allow identification of users when associated with other information.
The navigation data described above are stored only temporarily in accordance with applicable law.

 

ORDERS

At the time of verification, the Site asks users to provide personal information for the essential purpose of meeting their purchase orders and comply with contractual obligations (such as name and surname, e-mail address, delivery address, etc.).
This personal information is also essential to enable Customer Service to assist customers with requests and any related needs, before or after the sale (for example, regarding the delivery status of the order or returns of products).
Personal information relating to orders will be kept for as long as necessary to fulfil the applicable contractual obligations and tax and financial reporting obligations.

The Site may also verify the payment instruments used by customers for purchases on the Site (such as credit or debit card, etc.) primarily to prevent fraudulent activity or in accordance with applicable anti-money laundering laws. Since it is granted full trust for the verification of payments to entities that process third-party payments, the Data Controllers do not process or store financial information belonging to customers.
Failure to transmit the personal information requested at the time of verification will prevent users from completing an order on the Site.
Based on your legitimate interest in improving your relationship with customers, the Site will email you with product suggestions, discounts, feedback requests or other updates. Customers are always free to unsubscribe from such email communications from request@sebastianmilano.com (for example, by clicking on the "unsubscribe" link at the bottom of each email).

 

REGISTRATION ON THE SITE

When users choose to register a Personal Site account, they are asked to submit personal information (name, surname, email address). The Site clearly indicates which personal information is required (or not) to set up an account on the Site.

Users must provide true and accurate personal information at the time of registration and are encouraged to keep their personal information up to date (if changes occur) by logging into their personal account to make any changes as appropriate.
Users who choose to activate or access their Site account via social media should be aware that when they connect their Site account to a social media account, the Site collects certain personal information that the user has already provided to this social media (for example, the email address and public profile on Facebook).

The Data Controllers do not supervise or control such social media services or user profiles on these services and do not set privacy settings or rules regarding how personal information is used on such services. Users are strongly advised to read all applicable social media services policies and information to learn more about how to process personal information.

The Data Controller processes personal, identifying and non-sensitive data (without limitation, first name, last name, company name, address, telephone number, tax number, e-mail - hereinafter "personal data" or even "data") you communicate when registering on the website www.sebastianmilano.com below, "Site"), online purchase of products or services, the online request for clarification or support and the sending of newsletters.

 

NEWSLETTERS AND MARKETING COMMUNICATIONS

On the Site, users can choose to receive newsletters and commercial communications.
The Site always collects the explicit, free and unequivocal consent of users before sending newsletters and marketing communications to said users.
Users can always easily withdraw their consent to receive newsletters and commercial communications in the following ways:

• by clicking on the 'unsubscribe' link in any of these emails;
• by contacting our Customer Service on request@sebastianmilano.com
  With regard to the personal information of unregistered users who have chosen to receive newsletters and marketing communications, the data controller is SEBASTIAN S.r.l.

 

• FINALITY OF THE TREATMENT

In order to offer users the personalized services provided by its websites, SEBASTIAN S.R.L. as Data Controller must process certain identification data necessary for the provision of the Service.

The provision of personal data for these purposes is not mandatory, but the refusal to provide them makes it impossible to provide the SERVICES.

Personal data are processed:

1. without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following service purposes

• creation of a personal account
• placing an order 
• manage and maintain the Site;
• allow you to use the services you may have requested, such as the management of services for the payment of goods/services on the Site (e-commerce);
• processing a contact request;
• to fulfil the obligations provided for by Community laws, regulations and regulations, as well as by instructions given by the Authority to this effect by law and by supervisory and supervisory bodies;
• prevent or detect fraudulent activity or abuse harmful to the Site;
• exercise the rights of the Owner, for example the right to exercise a right in court.

2. only with your specific and distinct consent (art. 23 and 130 Privacy Code and art. 7 GDPR), for the following Other Purposes:

• send you by e-mail newsletters.

 

PROFILING

According to the explicit consent of the user, the newsletter and marketing communications can be adapted to the "profile" of the user, based on the personal information that the Site collects or receives on the user concerned.
As for the customers of the Site, it is in the legitimate interest of the Site to process personal information to offer more interesting products, improve the Site and customize the products offered on the Site.
The main purpose of profiling is to propose products, services and initiatives more in line with the tastes, purchasing habits and interests of users and customers.
Personal information may also be used for remarketing, retargeting or profiling purposes, including through third parties (e.g. social networks, etc.).

Neither the Website nor the Data Controllers will ever carry out profiling activities related to minors.

 

• SOURCE OF PERSONAL DATA

The personal data in the possession of SEBASTIAN S.R.L. are exclusively those provided by the User during the registration process on the Site, the purchase of services and products SEBASTIAN S.R.L. or the request for information.

 

Cookies

Cookies are small files corresponding to individual text elements that can be recorded on the hard drive of the User’s computer. This allows easier navigation and greater ease of use of the site itself.
Cookies can be used to determine whether a connection has already been made between the User’s computer and the pages of the SEBASTIAN S.R.L. websites. Only the cookie stored on the User’s computer is identified.
Of course you can also visit the site without cookies. Most browsers accept cookies automatically. You can avoid the automatic registration of cookies by selecting the option "do not accept cookies" among those proposed.

For more information on how to do this, please refer to your browser instructions. It is possible to delete at any time any cookies already present on the hard disk. The choice not to accept cookies from the browser may limit the functions accessible on the sites SEBASTIAN S.R.L

Use of cookies

The sites of SEBASTIAN S.r.l., for strictly technical reasons of computer security, makes use of session cookies to keep track of the User’s visit and records the IP address of visitors who access the reserved areas. This information does not personally identify the User. Each User therefore remains anonymous unless they have provided SEBASTIAN S.R.L. with personal information in other forms.
The user can manage, or request the general deactivation or deletion of cookies, by changing the settings of your Internet browser. Such deactivation, however, may slow down or prevent access to certain parts of the Site.

The sites of SEBASTIAN S.r.l., for strictly technical reasons of computer security, makes use of session cookies to keep track of the User’s visit and records the IP address of visitors who access the reserved areas. This information does not personally identify the User. Each User therefore remains anonymous unless they have provided SEBASTIAN S.R.L. with personal information in other forms.
The user can manage, or request the general deactivation or deletion of cookies, by changing the settings of your Internet browser. Such deactivation, however, may slow down or prevent access to certain parts of the Site.

The settings to manage or disable cookies may vary depending on the Internet browser used, therefore, to learn more about how to perform these operations, we suggest that you consult your device manual or the "Help" or "Help" function of your Internet browser.
The following are the links that explain how to manage or disable cookies for the most popular Internet browsers:

• Google Chrome: https://support.google.com/chrome/answer/95647
• Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20of%20cookies
• Microsoft Edge: https://support.microsoft.com/it-it/help/4027947/windows-delete-cookies
• Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internetexplorer-delete-manage
• Opera: http://help.opera.com/Windows/10.00/it/cookies.html
• Safari: https://support.apple.com/kb/PH19255?locale=it_IT

 

Cookie third-party

Third-party cookies can be installed: these are cookies, analytical and profiling, Google Analytics and Facebook. These cookies are sent from the websites of said third parties external to our Site.
Third-party analytical cookies are used to detect information about user behavior on the site. The survey takes place anonymously, in order to monitor the performance and improve the usability of the site. Third-party profiling cookies are used to create profiles relating to users, in order to offer advertising messages in line with the choices made by the users themselves.

The use of these cookies is governed by the rules prepared by the third parties themselves, therefore, we invite users to read the privacy policies and guidance to manage or disable cookies published in the following web pages.

 

Google Analytics's cookies:

- privacy policy: https://www.google.com/intl/it/policies/privacy/
- informations to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it

Facebook's cookies:

- privacy policy: https://www.facebook.com/privacy/explanation
- informations to manage or disable cookies: https://www.facebook.com/help/cookies/

 

DATA COLLECTED

 

NAVIGATION DATA

Like all websites, this site also makes use of log files in which information collected in an automated manner during user visits is stored. The collected information whose transmission is implicit in the use of Internet communication protocols may be:

• internet protocol (IP) address;
• domain names of computers used by users connecting to the site;
• type of browser and device parameters used to connect to the site;
• the nation from which you connect;
• name of internet service provider (ISP);
• date and time of visit;
• web page of origin of the visitor (referral) and exit;
• possibly the number of clicks;
• other parameters on the Operating System and the user’s IT environment.

 

Collection of personal information

While the User performs activities such as ordering products, SEBASTIAN S.R.L. may ask to provide personal information through the compilation of an electronic form. The User is totally free to accept or not such request.
If you decide to join, SEBASTIAN S.R.L. may ask to provide personal information, such as name, address, email address and other data that identify you. If the User orders a product, for example, the information is used to register the license and the right, if any, to avail of technical support, updates or other benefits that may be offered to registered Users.

If the User orders a product, for example, the information is used to register the license and the right, if any, to avail of technical support, updates or other benefits that may be offered to registered Users. If the User participates in a contest, the information is collected for the purpose of authorizing the participation of the User and contacting him about the contest or prizes awarded.
SEBASTIAN S.R.L. also uses the information provided by the User to support the effort to keep it constantly updated on new versions of a product, special offers and other products and services SEBASTIAN S.R.L. .
SEBASTIAN S.R.L. recognizes and attributes great value to a responsible use of such information.

The data collected by the site during its operation are used exclusively for the purposes indicated above and stored for the time strictly necessary to carry out the activities specified. In any case, the data collected by the site will never be provided to third parties, for any reason, unless it is a legitimate request from the judicial authority and in the only cases provided by law, for the assessment of liability in case of hypothetical computer crimes against the Site.

 

Data provided voluntarily by visitor users

The optional, explicit and voluntary sending of e-mail to the addresses indicated on the sites of SEBASTIAN S.R.L. involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information is progressively reported or displayed on the pages of the site prepared for particular services on request.
In particular, the e-mail addresses that are imported into the forms of the Site are used exclusively to offer the services requested and will not be communicated to anyone; even those in charge of data processing of SEBASTIAN S.R.L. may only have access to addresses to perform maintenance tasks or restore service functionality. If the Site allows the insertion of comments, or in case of request for information or specific services, some identification data of the user, including the email address are automatically collected and recorded.
These data are voluntarily provided by the user at the time of the request to provide the service. By inserting a comment or other information the user expressly accepts the privacy policy, and in particular agrees that the content inserted are freely disseminated to third parties.

The data received are used exclusively for the provision of the requested service and only for the time necessary for the provision of the service.

The information that the users of the site deem to make public through the services and tools made available to them, is provided by the user knowingly and voluntarily, exempting the Data Controller from any liability for any violations of the law. It is up to the user to verify that they have permission to enter personal data of third parties or content protected by national and international standards.

 

Optional nature of the provision of data

Apart from what is specified for navigation data, the user is free to provide their personal data through the use of the appropriate sections of the Site and to request or request the sending of informative material or other communications. Failure to provide them can only make it impossible to obtain what is requested. For completeness it should be remembered that in some cases (not subject to the ordinary management of the Web Sites) the Authorities may request news and information pursuant to art.157 of Legislative Decree no. 196/2003 and s.m.i. for the purposes of controlling the processing of personal data. In these cases the answer is mandatory on penalty of administrative penalty.

 

DATA RETENTION TIME

Unless the interested party explicitly expresses his will to remove them, personal data will be stored until they are necessary for the legitimate purposes for which they were collected.
In particular, with regard to the management and provision of services related to contact requests submitted by the Data Subject, such data will be stored no later than a maximum period of 12 months; also, in case of accession to a contract, will be kept for the duration of the contract and in any case not later than a maximum period of 12 (twelve) months from the last of the Services active and related to it, or if, within that period, are not active and/or purchased Services of the Products through a contract. Personal data will in any case be stored.

 

SAFETY AND SECURITY

The Data Controller has adopted specific and adequate security, technical and organizational measures, including encryption and authentication tools, to maintain the security of personal data. In particular, the security measures protect the data against the risk of loss, illicit or incorrect use and are intended to avoid unauthorized access, in compliance with the obligations to comply with the minimum security measures. Given the nature of the treatment and the specialization of SEBASTIAN MILANO S.R.L. in Web technologies, suitable and preventive security measures are adopted and implemented in accordance with art. 31-34 Privacy Code and art.32 GDPR. For security purposes (spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime.

These data are never used for the identification or profiling of the user. This information is processed according to the legitimate interests of the Owner for the protection of the site and its users.

 

PLACE OF TRATMENT

The data collected by the Website are processed at the premises of the Data Controller, and at the datacenter where the SEBASTIAN S.R.L. servers reside, which is located in Italy, in the European Economic Area managed by the Italian Provider Aruba S.p.A., which, in compliance with the provisions dictated by the European Regulation 2016/679 ("GDPR"), has verified and adapted the technical and organizational measures to ensure the security of personal data processed in the provision of services on behalf of the Data Controller.
These measures are implemented and updated in light of the relevant regulatory developments as described online in the section dedicated to the European regulations "GDPR" available at the link: https://www.aruba.it/gdpr-regolamento-europeo-privacy.aspx.

 

METHOD OF TRATMENT

The processing of personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR through manual, computer and telematic tools with logic strictly related to the purposes indicated above and, in any case, in order to ensure the security and confidentiality of data.
Personal data are processed only for the time necessary to fulfil the purposes for which they were collected.

 

ACCESS TO DATA

SEBASTIAN S.R.L. without the consent of the interested party being necessary, may communicate the data necessary to perform specific tasks to proceed with the processing that pursue the same purposes for which the data were collected.

For this reason, the processed data can be accessible to:

• employees and collaborators of the Data Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
  • third party companies or other entities (for example, web server providers, e-payment service providers, suppliers, credit and digital payment institutions, hardware and software service technicians, freight forwarders and carriers, professional firms, etc.) who perform outsourcing activities on behalf of the Owner in their capacity as controllers.

The Controller imposes on its Third Party suppliers and Processors the observance of security measures similar to those adopted with respect to the Interested Party by restricting the scope of action of the Responsible Party, to the processing related to the requested service.

 

DATA COMMUNICATION AND DISSEMINATION OF DATA

Unless explicitly indicated in the information relating to individual processing, the personal data collected are not disclosed to third parties or disclosed.

Without the express consent of the interested party (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate the personal data subject to processing to supervisory bodies, judicial authorities as well as to all other subjects to whom communication is mandatory by law.

 

DATA TRANSFER

The management and storage of personal data are performed in Europe, on computers and servers located in Italy, the Owner and/ or third-party companies appointed and duly appointed as Data Processors.
The personal data of the interested party are stored in paper, computer and telematic archives located in countries in which the GDPR is applied (EU countries).

 

TRANSFER OF DATA TO NON-EU COUNTRIES

The Site may share some of the data collected with services located outside the European Union. In particular, with Google and Facebook via social plugins and the Google Analytics service. The transfer is authorised on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular decision 1250/2016 (Privacy Shield), so no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.

 

RIGHTS THE DATA SUBJECT

The interested party has the rights referred to in art. 7 Privacy Code and s.m.i. and art. 15 GDPR and precisely the rights of:

• obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in intelligible form (right of access);
• obtain an indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the help of electronic means; d) the identification details of the owner, of the responsible persons and the appointed representative pursuant to art. 5, paragraph 2 Privacy Code and s.m.i. and art. 3, paragraph 1, GDPR; • c) the persons or categories of persons to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, as responsible persons or persons in charge;
• obtain: a) the update, the rectification or, when you have an interest, the integration of the data; b) the cancellation, the transformation into anonymous form or the blocking of the data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the right protected;
• oppose, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, by the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail. Please note that the right of opposition of the interested party, set out in the previous point b), for direct marketing purposes through automated methods extends to the traditional ones and that in any case the possibility for the interested party to exercise the right of opposition even in part. Therefore, the interested party may decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication;
• and, more generally, to exercise all the rights recognized by the current legal provisions.
  Where applicable, you also have the rights referred to in Arts. 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority.

 

USERS’ RIGHTS

Users have the right to receive confirmation regarding any possession by the Data Controller of the processing of personal information on their account.

In this case, under the GDPR, users also have the rights to:

• be informed about the collection and use of your personal information;
• access their personal information at no cost;
• obtain the rectification or completion of inaccurate or incomplete personal information;
• obtain the deletion of personal information ("the right to be forgotten");
• under specific conditions, obtain the restriction or suppression of your personal information;
• obtaining and reusing personal information for its own purposes between different services when processing is based on a contract or consent and is executed automatically ("the right to data portability");
• in specific conditions, oppose the processing of their personal information;
• object at any time to the use of personal information for purposes of "profiling" or "automated decision-making";
• the right to lodge complaints relating to the collection and processing of personal information with the competent supervisory authority;
• the right to withdraw consent to the processing of personal data at any time.

 

DETAILED RULES FOR THE EXERCISE OF RIGHTS

The interested party can exercise the rights at any time by sending:

• a registered letter a.r. to:
  SEBASTIAN S.R.L. - via Giorgio Sidney Sonnino n. 4, 43126 - Parma
• an e-mail to:
  request@sebastianmilano.com

 

CHANGES TO THIS PRIVACY POLICY

Any future changes to this Privacy Policy will be published on the Site and, if applicable, notified to users via email. Users are invited to frequently read this Privacy Policy to check for updates or changes.

 

Privacy Policy