This information describes (i) the management methods of the website https://www.dilillajewelry.com/ (the “Website”) and the processing of the personal data of the users who consult it, as well as (ii) the processing of the personal data of those who, as customers or for any other reason, have relationships or contacts with DILILLA JEWELRY or otherwise provide DILILLA JEWELRY their personal data, for the purposes and the additional terms and conditions of this information, or in relation to which DILILLA JEWELRY carries out processing operations of personal data (the “Interested party”).
This information is provided pursuant to art. 13 of Regulation (EU) no. 2016/679 (the “GDPR”).
1. Data Controller
The Data Controller is DILILLA JEWELRY (the “Owner”), with registered office in Via Nicola Fabrizi, 5, 10143 Turin TO, tel. +39 011 7495204, e-mail: email@example.com The updated list of any data processor is available at the headquarters of the Data Controller.
2. Data processing place and methods
The treatments connected to the web services of this website, as well as the treatments that are carried out by DILILLA JEWELRY for any other reason pursuant to this information, take place at the headquarters of the Data Controller and are handled by internal technical staff, appropriately appointed, in writing, Person in charge of processing, pursuant to the GDPR, and / or by personnel external to the organization of the Data Controller, subject to suitable appointment, always in writing, as Data Processor, pursuant to art. 28 of the GDPR.
All personal data are processed both in paper format and, mainly, electronically. The same will be kept in a form that allows the identification of the user only for the time strictly necessary to achieve the purposes for which the data were originally collected and, in any case, within the limits of the law. Specific security measures are observed to prevent the loss of data, the illicit or incorrect use thereof, and unauthorised access, in accordance with GDPR.
In order to guarantee that your personal data are always correct, updated, complete and pertinent, we invite you to notify any modifications to the following email address firstname.lastname@example.org
3. Purpose of processing
Personal data is processed for the following purposes:
a) manage and process, in relation to what is indicated in the previous point, the questions and requests for interactions with DILILLA JEWELRY, its professionals and the subjects related to the organization of the Owner
b) even without the consent of the interested party within the limits allowed by the GDPR, for sending communications containing information relating to the Data Controller and the activities organized by the Data Controller (such as, for example, invitations to events, including the management of the related participations to them), as well as updates and / or information material, such as, for example, in-depth analysis and updates on matters relating to the activities carried out by the Data Controller.
The performance of the activities in letter a) listed above does not require the consent of the interested party, since these are services or performances carried out, in most cases, to execute requests made directly by the interested party pursuant to art. 6, c. 1.
The processing of data for the purposes under b) does not require the consent of the customer, as an interested party, as it is necessary for the pursuit of the legitimate interest of the Data Controller, pursuant to art. 6, c. 1 (f) of GDPR.
4. Provision of data and consequences in case of a lack thereof.
The provision of personal data for the aforementioned purposes is optional. Failure to provide them will make it impossible for the Data Controller to manage and process the requests of the interested party or to send the communications indicated above.
5. Types of processed data
5.1. Browsing data
The computer systems and software procedures used to run this website record some personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected with the intent of associating it with identified users but by their own very nature, could lead to the identification of users through processing and association with data held by third parties.
This data category includes IP addresses, (or domain names), of the computers used to connect to the Website; URI (Uniform Resource Identifier) addresses of the requested resources, timestamp of the request, the method used to submit the request to the server, size of the file obtained in response, numerical code indicating the server response status (successful, error etc.), and other parameters pertaining to the user’s operating system and IT environment.
These data are used only to obtain anonymous statistics about the usage of the website and to check that it is functioning correctly; they are deleted immediately after processing. The Data could be used to ascertain responsibility in the event of hypothetical computer offences committed against the Site.
5.2. Data provided voluntarily by the user or collected from third parties
The optional, explicit, and voluntary sending of an e-mail address and the related message to the addresses indicated on the Site entails the subsequent acquisition of the sender’s address and any other personal data entered, necessary to respond to their requests.
In addition to the foregoing, any further personal data (such as personal details, data relating to professional activity, qualification and / or corporate role, contact data such as company and / or personal telephone, e-mail address) provided to the Data Controller or in any case collected by the Data Controller from third parties, will be processed by the Data Controller in accordance with this information and within the limits established by the GDPR.
6. Recipients and recipients categories
No data will be disclosed or transferred to third parties if there is no consent of the interested party. If communication to third party suppliers were necessary for organizational, administrative or support needs to the services provided, the Data Controller will be responsible for appointing the latter as data processors pursuant to the GDPR.
7. Data transfer to other countries
Your personal data will not be transferred to other countries.
8. Period of retention
Personal Data shall be retained for the time necessary to achieve the purposes for which it was collected and processed. Once the purpose of the processing has been carried out, or in the event of the exercise of the right to object to the processing or revocation of the consent given, the data controller will still be entitled to further retain personal data in whole or in part, for the purposes permitted by the GDPR (such as the need to assert a right in court).
9. Rights of interested parties
9.1 The interested parties shall be entitled to exercise their rights pursuant to articles 15 – 20 of the GDPR. For example, each interested party may:
a) obtain confirmation as to whether or not the data related to them are being processed;
b) if data processing is in progress, obtain access to personal data and information relating to them and request a copy of the personal data;
c) obtain the correction of inaccurate personal data and the integration of incomplete personal data;
d) obtain, if one of the conditions laid down by art. 17 of GDPR is fulfilled, the deletion of personal data concerning them;
e) obtain, in the cases provided for by art. 18 of the GDPR, the limitation of processing;
f) receive the personal data concerning them in a structured format, commonly used and readable by an automatic device and request their transmission to another holder, where technically feasible.
9.2. Each interested party has the right to object at any time to the processing of their personal data carried out for the pursuit of a legitimate interest of the Data Controllers. In case of opposition, your personal data will no longer be processed, provided that there are no legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defense of a right in court.
9.3. In the event that consent is required for the processing of personal data, each interested party may also revoke the consent already given at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation. Consent can be revoked by writing an email to email@example.com
9.4. With reference to the processing of personal data for the purposes referred to in Article 3 (b), the Data Controller may not request the consent of the interested party, provided that the latter is adequately informed and does not refuse such use, initially or on the occasion of subsequent communications. The interested party, at the time of collection and at the time of sending any communication made for the purposes referred to in this paragraph, is informed of the possibility of opposing the processing at any time, easily and free of charge.
9.5. Each interested party may lodge a complaint with the Guarantor for the Protection of Personal Data in the event that they believe that the rights they own have been violated pursuant to the GDPR.