This is a statement made pursuant to art. 13 of EU Regulation 2016/679 for the Users of the Web portal services. The indications given below concern in particular the collection of personal data on the Internet, with the aim of identifying the minimum measures that must be implemented towards the persons concerned in order to ensure the transparency and lawfulness of such practices.
From Articles 4, 37-39 of Regulation (EU) 2016/679 (hereinafter also Regulation)
Personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Usage Data: information that are collected automatically by this Application (or by third party applications that this Application uses), including: IP addresses or domain names of the computers used by the User that connects with this application, addresses in URI (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example, the time spent on each page) and the details of the itinerary followed within the application, with particular reference to the sequence of the pages consulted, the parameters related to the operating system and the User's IT environment.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
User: the individual who uses this application, which must coincide with the Data Subject or be authorized by him and whose personal data are subject to any processing.
Processing: any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data Controller (or Controller):the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
This Application or Platform: the hardware or software tool through which the personal data of Users are collected.
Data Protection Officer (DPO): mandatory figure in certain cases as per art. 37 of the Regulation. He advises, monitors, coordinates and manages relations with the Supervisory Authority regarding the processing of personal data.
The "Data Controller" of his personal data possibly processed as a result of the use of this website, pursuant to art. 26 of Regulation (EU) 2016/679, is Gruppo Bernardelli Stores, Corso Umberto I 27, 46100 MANTOVA (MN),Italy, no. tel. +39 – 366 22 97 004, email@example.com
The personal data provided by the Users who access this site, and possibly use the following web services, will voluntarily provide the related information as listed below.
The data of Users collected through the sections listed above are used for the sole purpose of performing the service or provision requested and will not be disseminated to third parties. The Data Controller has determined the purposes of the processing identified in the performance of its activities. The User data are collected to allow the Owner to provide its services, as well as for the following purposes: statistics, advertising, hosting and backend infrastructure, interaction with social networks, external platforms and display of content from external platforms. In particular, the navigation data are exclusively processed:
As for personal data voluntarily provided by the User, they are processed for the following purposes, in addition to those indicated below:
In order to pursue the purposes of processing described above, this site uses the following services, listed for processing purposes.
Hosting and backend infrastructure. This type of service has the function of hosting data and files that allow the site to function, allow its distribution and provide a ready-to-use infrastructure to deliver specific functionalities of this application. Some of these services operate through servers which are geographically located in different places, making it difficult to determine where your Personal Data are stored exactly. The site www.bernardellistores.com is activated through a hosting service provided by Tucows Domains Inc. andis managed in collaboration with Net Srl.
Interaction with external social networks and platforms. This type of service allows the interaction with social networks, or other external platforms, directly from the pages ofwww.bernardellistores.com and it is possible that, even if users do not use the service, the same collects traffic data related to the pages where it is installed. Interactions and information acquired are in any case subject to the privacy settings of the User relating to each social network.
By using the services listed in point 2), the interested party expresses his consent to the processing of his personal data for the purposes described above in Article 6, paragraph 1, letter a) of Regulation (EU) 2016/679.
At the same time, the Data Controller, for Direct Marketing purposes, pursues its own legitimate interests pursuant to art. 6, paragraph 1, letter f) of Regulation (EU) 2016/679.
The communication will be made only and exclusively to employees and direct collaborators of the Data Controller for the sole purpose of performing the service requested by the User, unless the communication is required by law.
The optional, explicit and voluntary sending of email to the addresses indicated on the site implies, by its very nature, the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
We invite our Users, in requests for services or questions, not to send names or other personal data of third parties that are not strictly necessary or data defined as "sensitive and / or special" under Articles 9 and 10 of Regulation (EU) 2016/679 within the limits and for the purposes specified in this statement.
Personal data are processed by automated means, for the time necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent loss of data, illicit or incorrect use and unauthorised access in compliance with the obligations to adapt to adequate security measures. In fact, all data will be acquired and stored in accordance with Articles 32, 33 and following of EU Regulation 2016/679.
The Data Controller is not responsible for errors, content, cookies, publication of illegal immoral content, advertising, banners or files that do not comply with current legislation by sites not managed by the same.
No transfer of data to a third country is foreseen.
There is no automated decision-making process.
The personal data acquired, also through the "CONTACTS" service, will be kept for the duration necessary to carry out the activities requested by the User and in any case for a period not exceeding 5 years from the date of insertion.
The storage time may be extended and involve the acquisition of further data subsequently, in the event that the User requests further services; in this case the duration of the processing, for administrative, accounting, tax and contractual purposes may be extended up to 10 years from the termination of the relationship, as required by current regulations (art. 2220 of the Civil Code, art. 22 of the Decree of the President of the Republic of 29 September 1973 no. 600 and art. 2200 Civil Code).
The technical navigation cookies (described below), will be stored for the sole purpose of allowing the correct technical functioning of the site itself and will expire automatically when the browser is closed.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the communication protocols of the Internet.
This information is not collected to be associated with identified interested parties, but that by its very nature could, through processing and association with data held by third parties, allow the users to be identified.
This category of data includes IP addresses or domain names of computers used by Users who connect to the site, URL (Uniform Resource Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and the user’s IT environment.
These data are only used to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
The data in question could be used to ascertain liability in case of any computer crimes against our site.
If the Users order the items through the e-commerce section of the www.bernardellistores.com, the purchase data are collected, and may, depending on the type of sale and treatment status, include the following information:
- serial number;
- details of the purchased goods (definition, size, colour, purchase price, etc.);
- data on the means of payment;
- delivery and billing addresses;
- communications and messages in connection with purchases (e.g. withdrawal statements, complaints and communications to customer service);
- supply and payment status (e.g. "Completed" or "Shipped");
- return status ("Successfully completed");
- data on third party service providers involved in the execution of the contract (in the case of mail order, it could be the dispatch number of the courier service).
The company offers the common means of payment in online commerce, in particular, prepay by bank transfer, credit or debit card, PayPal and the related invoice on completion. For the execution of the payment, the payment data communicated are collected and kept until the transaction is concluded.
The subjects to whom the personal data refer, pursuant to art. 13 of EU Regulation 2016/679, have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request to integrate, update or correct them. The subjects whose personal data also have the right to request cancellation, transmission of data to other owners, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment. Data subjects also have the right to lodge a complaint with the supervisory authority (Garante Privacy).
Requests related to art. 13 of EU Regulation 2016/679 must be addressed to the Data Controller at the telephone number +39 – 366 22 97 004 or at the email address: firstname.lastname@example.org
Rights of the data subject
European Regulation 2016/679
art. 13 "Information to be provided where personal data are collected from the data subject"
Information to be provided where personal data are collected from the data subject
1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
(a) the identity and the contact details of the controller and, where applicable, of the controller's representative;
(b) the contact details of the Data Protection Officer, where applicable;
(c) the purposes of the processing for which the personal data are intended and the legal basis for the processing;
(d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
2. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
(c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(d) the right to lodge a complaint with a supervisory authority;
(e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
(f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
4. Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information.
A cookie is a text file that is stored on the user’s computer or mobile device (smartphone or tablet) by the server of a website to which a user accesses and that can be read or retrieved from the server that installed it during subsequent visits to the site. The cookie contains certain information (e.g. the server from which it comes, a numeric identifier, the expiry date of the cookie, etc.) and allows the website that installed it to remember, for example, the preferences expressed by the User when browsing or purchasing, perform authentication to access restricted areas or to monitor sessions.
While browsing, the User can also receive on his terminal cookies sent by different websites or web servers (so-called third parties), on which may exist some elements (eg. images, maps, sounds, specific links to pages of other domains) on the site that the User is visiting.
More generally, some cookies (defined as session cookies) are assigned to the User's device only for the duration of access to the site and expire automatically when the browser is closed. Other cookies (defined as persistent) remain in the device for an extended period of time.
Cookies are text files that are placed on the computers of Web users to allow safe and efficient exploration of the site and monitor its use. This website uses two types of technical cookies: session cookies for authentication (online services) and statistical monitoring/profiling cookies (Google Analytics).
As defined in the previous paragraph, cookies are text files that are stored on the computers of Web Users to allow safe and efficient exploration of the site and monitor its use.
This site does NOT use profiling cookies to create User profiles, which are then used to send advertising messages in line with the preferences expressed by the User when surfing the web.
This site uses third-party cookies.
Technical Session Cookies (essential for the use of online services). This site uses session http cookies to manage authentication to online services. The use of session cookies (which are not permanently stored on the User's computer and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable secure and efficient exploration of the site. Disabling these cookies does not allow the use of online services.
Technical Cookies for monitoring/statistical profiling (Google Analytics). The monitoring cookies can be disabled without any effect on the navigation of the portal: to disable them see the next section.
The Owner uses the Google Analytics service of the company Google, Inc. (hereinafter Google) for the generation of statistics on the use of the web portal.
According to the current terms of service, Google will use this information, as an independent data controller, for the purpose of tracing and evaluating the use of the website, compiling reports on website activity for website operators and providing other services relating to website activity, connection methods (mobile, PC, browser used, etc.) and search methods and access to portal pages. Google may also transfer this information to third parties where required by law, or where such third parties process the information on Google's behalf. Google will not associate IP addresses with any other data held by Google.
By using the Data Controller’s website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Alternatively, you can only disable Google Analytics cookies by using the opt-out provided by Google for your primary browsers. In this way it will be possible also to use the online services of the Owner.
Run Chrome Browser.
Click on the menu in the browser toolbar next to the url entry window for navigation.
Click Show Advanced Settings.
In the "Privacy" section click on the "Content settings" button.
Run Mozilla Firefox Browser.
Click on the menu in the browser toolbar next to the url entry window for navigation.
Select the Privacy panel.
Click Show Advanced Settings.
In the "Privacy" section click on the "Content settings" button.
In the "Tracking" section, you can change the following cookie settings:
From the "History" section you can:
Run Internet Explorer Browser.
Click the Tools button and choose Internet Options.
Click the Privacy tab and in the Settings section, change the slider to the action you want for cookies:
Run Safari Browser
Click Safari, select Preferences, and press Privacy.
In the Block Cookies section, specify how Safari should accept cookies from the websites.
To view which sites have stored the cookies, click on Details.
Safari iOS (mobile devices)
Run iOS Safari Browser.
Tap on Settings, and then on Safari.
Tap on Block Cookies and choose between "Never", "Third Party and Advertiser" or "Always".
To delete all cookies stored by Safari, tap on Settings, then on Safari, then on Delete Cookies and Data.
Run Opera Browser.
Click on Preferences then on Advanced and then on Cookies.
Select one of the following options: