Pursuant to art. 13 of the EU Reg. 2016/679
(General Data Protection Regulation, so-called GDPR)
1. DATA CONTROLLER AND DATA PROCESSOR
The Data Controller is AKIREH based in 20121 Milano, Viale Monte Santo n 4 , e-mail address: firstname.lastname@example.org.
The Data Processor is Erika Betti based in20121, Milano Via Monte Santo n. 4, e-mail address: email@example.com.
2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
AKIREH has appointed Data Protection Officer Mrs. Erika Betti, who can be contacted at the email address firstname.lastname@example.org
3. TYPES OF PROCESSED DATA
3.1 AKIREH collects and processes the following data: e-mail, citizenship, first name, last name, country, password, profile photo, addresses, telephone number(s), IP address, access and navigation data, order history, transactions, bank data, complaints, accidents, delivery information, correspondence on our website.
The mandatory or optional character of the data to be provided is indicated at the time of collection with an asterisk (?). Some data is collected automatically due to your actions on the site (see the section on cookies).
We collect information that you provide to us in particular when:
– create your profile card;
– purchases or sells a product on the website;
– browse the site and consult the products;
– take part in a competition;
– contact our customer service;
– accept the installation of certain cookies.
3.2 Recipients of data: the data collected on the site are intended for AKIREH and its partners when you accept it. They may also be transmitted to partners and subcontractors to whom AKIREH may have recourse in the performance of its services.
4. PURPOSES and LEGAL BASIS OF DATA PROCESSING
AKIREH collects and processes user’s personal data for the following purposes:
- to get in touch with customers or potential customers, answer and manage their requests for information, questions and communications. The consent to the personal data processing for this purpose is necessary to allow the user to use the contact service available on the Site and, consequently, to allow AKIREH to respond to requests for information, questions and communications from customers or potential customers and provide them the required services. In case of lacked consent to the processing of personal data for this purpose, the user will not be able to use the contact service available on the Site and AKIREH cannot respond to requests for information and provide the services requested by the user;
- to be able to satisfy user’s requests for products and services, to manage sales activities and after-sales assistance, including administrative, accounting and tax activities necessary to fulfill legal obligations, as well as warranty services (repairs or replacements). The provision of data with respect to these purposes is mandatory and in case of refusal, AKIREH will not be able to process the requested contractual services. It is not necessary that AKIREH obtains the explicit consent to the personal data processing for these purposes: the consent is in fact implicit in the request for contractual services and in the legal obligations;
- to carry out promotional initiatives, such as sending information about new products, events, presentations, etc. This information may be transmitted using traditional methods (calls by telephone, shipment of printed advertising material by post, etc.) or by automated means (SMS, e-mail). In this case, AKIREH will require explicit and specific user consent to the personal data processing for promotional purposes, consent that the user may revoke at any time.
DATA PROCESSING METHODS AND SECURITY MEASURES
The processing is carried out using IT and/or paper tools, with organizational methods and with logic strictly related to the purposes indicated above. AKIREH takes appropriate security measures to prevent personal data unauthorized access, disclosure, modification or destruction.
Therefore the treatment will be carried out in compliance with the provisions of art. 32 GDPR regarding security measures, also possibly by the employees of the AKIREH specifically appointed and instructed in compliance with the provisions of art. 29 GDPR.
The collected data are processed only for the achievement of the purposes referred to in point 4). AKIREH uses security technologies and procedures that guarantee the protection of user’s personal data and uses constantly updated devices for the processing security and personal data storage.
5. PERSONAL DATA DISCLOSURE
They will have access to the personal data: the Data Processor, the other persons acting as External Data Processors appointed by AKIREH, such as professionals (lawyers, accountants) or service providers (credit institutions, insurance companies, etc.) and the employees of AKIREH specifically authorized and instructed.
The personal data collected may be communicated to the Judicial Authority in the cases expressly provided for by law without the consent of the user as well as to all the subjects whose right of access to the data is recognized by virtue of regulatory provisions.
Personal data collected and processed by AKIREH will not be disclosed to third parties, unless the user authorizes, by explicit and express consent, AKIREH to communicate his personal data to third parties, independent data controllers.
Except for the above, personal data in no case will be subject to disclosure.
6. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY
AKIREH does not transfer personal data to third countries that do not provide adequate guarantees, as required by art. 46 GDPR. In any case, AKIREH must acquire the explicit and express consent of the user in order to proceed with the transfer of data to a third country. AKIREH reserves the right to use cloud services and in this case service providers will be selected among those providing adequate guarantees.
7. DATA RETENTION MODE AND DURATION
The data collected for the purposes referred to in letter B) of point 4) are stored in a SQL database, an integral part of the management and billing software installed on a server with secure access inside the AKIREH offices in Milan. This data is kept for at least 10 years, after which it will be deleted from the database.
The data collected for the purposes referred to in letters A) and C) of point 4) are currently registered in an excel file on dropbox shared with the two AKIREH stores in Milan but modifiable only by authorized personnel. This data is kept for 5 years, after which it will be deleted from the database.
8. USER’S RIGHTS
The interested party to the processing of personal data has the right:
a) to access the personal data provided;
b) to rectify, limit, modify, supplement, delete, anonymous the personal data provided;
c) to transfer the data to another data controller;
d) to oppose the processing of personal data provided.
The interested party can exercise these rights by sending a communication via e-mail to the following e-mail address: email@example.com. The interested party also has the right to file a complaint to the Authority for the Protection of Personal Data.
9. CONSENT REVOCATION TO THE PERSONAL DATA PROCESSING
The user may revoke consent to the personal data processing by sending an e-mail to the following address: firstname.lastname@example.org. In this case the personal data will be removed from the archives as soon as possible.
I declare to have received from AKIREH the information required by articles 12 and 13 of the GDPR, in a clear, transparent, comprehensible and intelligible language.
By acknowledging the above information, I consent to the personal data processing by AKIREH for the purposes referred to in letter B) of point 4 (contractual purpose and fulfillment of legal obligations).
With regard to the purpose referred to in letter A) of point 4 (answering and managing requests for information, questions and communications from customers or potential customers)
□ I GIVE MY CONSENT
□ I DO NOT GIVE MY CONSENT
With regard to the purpose referred to in letter C) of point 4 (promotional treatment)
□ I GIVE MY CONSENT
□ I DO NOT GIVE MY CONSENT
□ I GIVE MY CONSENT □ I DO NOT give my consent to communicate my personal data to third parties, independent data controllers, and to transfer my data to third countries that provide adequate guarantees.
I am aware and informed of the right to withdraw consent at any time and for any reason.