Navigation within this site and/or access to certain sections of the same may involve the collection and processing of personal data by the Data Controller SEBASTIAN S.R.L
This information notice provides information regarding the methods of management of personal data relating to users who navigate through the site HTTPS://WWW.SEBASTIANMILANO.COM who use the functions and services present on it.
This notice governs the processing of personal data carried out by our company within this website, in accordance with current data protection regulations, in particular, the EU Regulation 2016/679 (hereinafter "GDPR").
Data Controller: Sebastian S.R.L.
Headquarters: Via Sonnino n.4, Parma (PR)
Contacts and contact details: Tel. 0521 1406832 - Email: email@example.com
The Data Controller is responsible to you for the lawful and correct use of your personal data and may be contacted for any information or request regarding such processing.
Data acquired during navigation
The computer systems and software procedures used to operate the site acquire certain personal data whose transmission is implicit in the use of Internet communication protocols (IP addresses, URL addresses of requested resources, the time of the request, the method used to submit the request to the server, etc.).
This information is not collected in order to be associated with identified users and/or data subjects, but by its very nature is used for the sole purpose of the operation of the Site.
Data provided voluntarily by visitor users
My Account Section
When users choose to register a personal Site account, they are asked to submit personal information (first name, last name, email address). The Site clearly states what personal information is required (or not) to set up a Site account. Users must provide true and accurate personal information when registering, and are encouraged to keep their personal information current (if changes occur) by logging into their personal account to make any appropriate changes. Users who choose to activate or access their Site account through a social media outlet should be aware that when they link their Site account to a social media account, the Site collects certain personal information that the user has already provided to that social media outlet (e.g., email address and public profile on Facebook). Data Controllers do not oversee or control such social media services or user profiles on these services and do not set privacy settings or rules regarding how personal information is used on these services. Users are strongly encouraged to read all policies and information regarding applicable social media services to obtain additional information about how personal information is processed.
Join the Community section
In the event that users in the My Account section or in the Join the Community section of Sebastian Milano have consented to membership in the Community, membership in the Community is for direct marketing purposes; by way of example, sending by automated means of contact (such as sms, whats app, e-mail, social networks, instant messaging apps, push notifications) promotional and commercial communications related to services/products offered by Sebastian Milano or reporting of commercial and/or sales events, as well as surveying customer satisfaction, conducting market surveys and statistical analysis.
Contact Us section
The optional, explicit and voluntary sending of messages containing personal data to the addresses indicated on this site in the Contact Us section to request information involves the subsequent acquisition of the sender's e-mail address as well as any other personal data included in the same request. The related processing is carried out exclusively to execute the request of the interested party.
Upon verification, the Site asks users to provide personal information for the essential purpose of fulfilling their purchase orders and complying with contractual obligations (e.g. first and last name, e-mail address, delivery address, etc.). Such personal information is also essential to enable Customer Service to assist customers regarding requests and for any related needs, before or after the sale (e.g., regarding order delivery status or product returns). Personal order information will be retained for as long as necessary to fulfill contractual obligations and applicable tax and financial reporting requirements. The Site may also verify payment instruments used by customers for purchases on the Site (e.g., credit or debit card, etc.) primarily to prevent fraudulent activity or under applicable anti-money laundering laws. Because full trust is granted for payment verification to third-party payment processors, Data Controllers do not process or store financial information belonging to customers. Failure to provide required personal information at the time of verification will prevent users from completing an order on the Site.
Shop section product availability:
The optional, explicit and voluntary sending of request regarding product availability involves the subsequent acquisition of the sender's e-mail address. The related processing is carried out exclusively to execute the request of the interested party.
PURPOSES OF PROCESSING AND LEGAL BASIS
The data collected will be used by SEBASTIAN S.R.L. in compliance with the conditions of lawfulness, as set out in Article 6 of the GDPR, for the purposes set out below:
- Data acquired during navigation by users will be processed to enable the proper functioning of the site itself;
- Personal data provided by users who submit requests will be used exclusively to execute users' requests;
- Personal data provided by users in the shop section will be used exclusively to fulfill the purchase order and contractual obligations;
- Personal data provided for Community membership, subject to the optional and revocable consent of the data subject, will be used for Community purposes.
METHOD OF TREATMENT
The processing of your personal data is carried out through automated tools for the time necessary to fulfill the purposes for which they were collected. The processing is carried out by observing security and confidentiality measures in order to prevent risks, such as loss of data, destruction, illegal use with respect to what is provided for by the regulations in force, by duly appointed Authorized Subjects and Data Processors. Upon withdrawal of consent by the data subject, the data will no longer be processed by the Data Controller.
TRANSFER OF DATA OUTSIDE THE EU
Users' data are processed by employees, collaborators of the Data Controller or external parties, in their capacity as authorized and responsible for processing, who perform tasks of a technical and organizational nature on behalf of the Data Controller, acting on the basis of specific instructions provided by the Data Controller.
The data collected by the Site are processed at the Data Controller's offices, and at the datacenter where the SEBASTIAN S.R.L. servers reside. , which is located in Italy, in the European Economic Area managed by the Italian Provider Aruba S.p.A., which, in compliance with the provisions dictated by the European Regulation 2016/679 ("GDPR"), has verified and adapted the technical and organizational measures to ensure the security of personal data processed in the provision of services on behalf of the Data Controller. These measures are implemented and updated in light of relevant regulatory developments as described online in the section dedicated to the European legislation "GDPR" available at the link: https://www.aruba.it/gdpr-regolamento-europeo-privacy.aspx.
The Data Controller may perform data transfer to non-EU countries or to International Organizations. In case of transfer, data will be transferred according to Art.44 (General principle for transfer), Art. 45 (Transfer on the basis of an adequacy decision), Art.46 (Transfer subject to adequate safeguards). Specifically, data may be transferred to third countries or international organizations for which the Commission has intervened with an adequacy assessment (Art.45 of EU Reg. 2016/679).
In compliance with the provisions of Article 5 paragraph 1 letter e) of the European Regulation 2016/679, the personal data collected will be stored in a form that allows the identification of the data subjects for the time necessary to achieve the purposes of processing for which it was collected and other permitted and related purposes or as required by the applicable legislation. The following are specific retention times for data collected through browsing the website in question:
- Data collected while browsing this website is retained for the duration of the browsing session;
- Contact us section: data provided by users who submit requests are kept for the period necessary for the execution of the submitted request;
- Join Sebastian Milano Community section: until consent is revoked by the data subject.
- My Account section: data provided by users who create an account are kept until the user changes preferences.
You may exercise the following rights in relation to the personal data covered by this information sheet; these rights are established and guaranteed by the Regulation.
- Right of access and right to rectification (articles 15 and 16 of the Regulation): you have the right to access your personal data and request that they be corrected, amended or completed. If you wish, we will provide you with a copy of the data in our possession.
- Right to erasure ('right to be forgotten') (article 17 of the Regulation): in the cases envisaged by law you have the right to request the erasure of your personal data. After receiving and analysing your request, we will stop the processing and delete your personal data, if the request is legitimate.
- Right to restriction of processing (article 18 of the Regulation): you have the right to request that the processing of your personal data be restricted, if the processing is unlawful or if you contest the accuracy of the data.
- Right to data portability (article 20 of the Regulation): in the cases described in article 20, you have the right to obtain your personal data from the Controller, in order to transmit them to another controller.
- Right to object (article 21 of the Regulation): you have the right to object at any time to your personal data being processed on the basis of a legitimate interest of the company; your reasons for doing so must be explained; before admitting your request, the company will have to examine the grounds on which it is based.
- Right to lodge a complaint (article 77 of the Regulation): you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data has infringed, or is infringing, your rights.
DETAILED RULES FOR THE EXERCISE OF RIGHTS
You may exercise your data subject rights at any time by contacting the Data Controller at the email address firstname.lastname@example.org
The data subject may revoke membership in the Sebastian Milano Community by clicking on the link provided in the footer of the email.