The personal data provided directly by the user in the pages of the website that can be reached at the address symbophant.com at the time of registration and subsequently for the use of the services provided from time to time by the online store will be treated in compliance with the provisions of the Decree Legislative Decree 196/2003 on the protection of personal data (“Privacy Code”) and following the entry into force of EU Regulation no. 679/2016 (“GDPR”) in accordance with the provisions of art. 13 of the aforementioned European Regulation.
informs the user of the following:
Processing of personal data means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a data bank, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.
1.OWNER OF THE PROCESSING
The owner of the processing of personal data pursuant to art. 26 is SIMBA SRL S.U. with registered office in Corso Buenos Aires, 79 – 20124 Milan (MI). VAT IT02476130188. Telephone: +39 0 382 968152, mail: email@example.com and PEC: firstname.lastname@example.org.
2.TYPES OF DATA PROCESSED, PURPOSE OF THE PROCESSING AND LEGAL BASIS
The user’s personal data, freely communicated and acquired by reason of the activity carried out by SIMBA SRL SU, will be processed lawfully and fairly.
The following types of users’ personal data may be processed:
a) Navigation data
The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and / or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site or third parties: except for this eventuality, the data on web contacts do not persist for more than seven days
b) For the simbashopping.com site, the personal data provided voluntarily by the user
The personal data provided freely and voluntarily by the users of this site concern respectively:
- necessary for the conclusion of e-commerce transactions, in the context of online purchases. The payment management services allow this site to process payments by credit card or PayPal. The data used for payment are acquired directly by the manager of the requested payment service without being in any way treated by the company (eg PayPal is a payment service provided by PayPal Inc., which allows the user to make payments online using the own PayPal credentials).
- those inserted in the forms present in some sections of the site (eg: the “Contacts” section), or sent via e-mail messages to the e-mail addresses indicated on the Website, or, the data entered for the purposes of registration to the website, to the extent necessary to respond to user requests.
- those included in the evaluation form of the purchase experience in the “My Account” section or the evaluation form received by e-mail following the purchase through CUSTOMER REVIEWS LTD (terms and conditions)
Personal data provided freely and voluntarily by users is collected and processed for the following purposes:
– supply of products requested by the user and management of related payments;
– site registration;
– reply to requests for information;
– statistical purposes;
The legal basis of the processing for the aforementioned purposes is represented not only by the need to execute the contract of which the user is a party or for the response to his requests, also by the need to fulfill the legal obligations to which the Company is subject .
Regarding the statistical purposes, the data will be processed anonymously and in aggregate form.
The user can create his own account on the simbashopping.com site by entering his personal data (including name, surname, telephone number, e-mail address). The user can update his personal profile at any time, modify and delete his data through the personal area of his account.
4.METHOD OF DATA PROCESSING
The data will be processed in compliance with the necessary security and confidentiality, through the following methods: collection of data from the interested party, collected and recorded for specific, explicit and legitimate purposes and used in further processing operations in terms compatible with those purposes, processing carried out with the aid of electronic and automated tools (data collection via data transmission, directly from the interested party).
5.LEGITIMATE INTERESTS CARRIED OUT BY THE DATA CONTROLLER
The legitimate interests pursued by the Data Controller in the processing of data are given by having to respect and honor the contractual obligations signed between the parties. According to the art. 6 the lawfulness of the processing is based on the consent expressly expressed by the interested party, documented in written form.
6.COMMUNICATION OF DATA AND RECIPIENTS OF PERSONAL DATA
Your personal data may be communicated to certain subjects, appointed by the Data Controller to provide services that are instrumental or necessary for the performance of obligations connected with the registration to the simbashopping.com website and online purchase, within the limits and in accordance with the instructions imparted. In particular, the data may be disclosed to:
- persons, companies or professional offices, who provide assistance, advice or collaboration to the Holders in accounting, administrative, legal, tax and financial matters;
- subjects delegated and / or appointed by SIMBA SRL SU to carry out activities or part of the activities related to the supply of sales services, such as the logistics center responsible for packaging the products purchased by the user; the carriers in charge of delivering the purchased products; and any other external collaborator to whom the communication is necessary for the correct fulfillment of the obligations assumed by SIMBA SRL SU in relation to the contract for the supply of its services;
- to Public Administrations for the performance of institutional functions within the limits established by law or regulation.
7.METHOD OF PROCESSING
The data is collected electronically and processed by means of registration, consultation, communication, storage, cancellation, carried out mainly with the aid of electronic tools, ensuring the use of suitable measures for the security of the processed data and guaranteeing confidentiality. of the same.
The user data, stored on electronic media, are kept and stored on a server owned by Provider Mantainer: Server Plan S.r.l. Reseller and hosting company: Stt S.r.l. . In particular, the Data Controller declares that the data recorded on the server are protected against the risk of intrusion and unauthorized access and that they have also adopted appropriate security measures to guarantee the integrity and availability of data as well as the protection of areas and premises relevant for their custody and accessibility.
The co-owners guarantee the maximum level of security in the management of user data. The credit card information is stored only in encrypted format and according to the security requirements of the PCI certification. The owner does not have access to confidential information relating to credit cards, which will be processed by intermediaries and card issuers in compliance with the Privacy Code.
8.RIGHTS OF THE INTERESTED PARTY
The user (hereinafter also “interested”), pursuant to the provisions of art. 7 Privacy Code and art. 15 GDPR, is entitled to:
- obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form;
- obtain the indication: a) of the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) of the identification data concerning the data controller, data processors and the representative designated pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or appointees;
- obtain: a) updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data which does not need to be kept for the purposes for which the data was collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the event that such fulfillment occurs it proves impossible or involves a manifestly disproportionate use of resources with respect to the protected right;
- object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of collection; b) to the processing of personal data concerning him for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or mail. It should be noted that the right of opposition of the interested party for direct marketing purposes through automated methods extends to the traditional ones and that the possibility remains open for the interested party to exercise the right to object even in part. Therefore, the interested party may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication;
- ask the Data Controller to access personal data (art. 15 GDPR), the correction (art. 16 GDPR) or the cancellation (art. 17 GDPR) of the same, the limitation of the processing or to oppose their treatment (art. 18 GDPR );
- the external portability of their data processed in an automated form where applicable;
- to withdraw the consent at any time without jeopardizing the lawfulness of the processing based on the consent given before the revocation;
- make a complaint to the Guarantor Authority for the protection of personal data;
To exercise the aforementioned rights, as well as to receive information relating to the subjects to whom the data is stored or to whom the data is communicated or to the subjects who, in their capacity as managers or appointees, may become aware of your data, may contact the Owner by sending a request to the following e-mail address email@example.com.
9.DURATION OF THE TREATMENT AND PERIOD OF STORAGE OF THE DATA
The processing of personal data with reference to the purposes referred to in section 2, will have a duration equal to that required for the execution of the services requested, to which will be added the additional period of time prescribed by law in compliance with civil, fiscal and current tax law.
10.INTENTION OF DATA CONTROLLER TO TRANSFER PERSONAL DATA
The management and storage of personal data will take place on servers located within the European Union. Currently the servers are located in Italy. The data will not be transferred outside the European Union.
Last update: 08-2019