This page describes how to manage the site to the processing of personal data of users who consult it. This information is provided pursuant to EU Regulation 2016/679 to those who interact with web services accessible electronically from the address: www.polisweb.it. The information is provided only for the POLIS srl site and not for other websites that may be consulted by the user via links.
The General Data Protection Regulation, officially Regulation (EU) no. 2016/679, better known as GDPR, is a European Union regulation on the processing of personal data and privacy. With this regulation, the European Commission intends to strengthen and make more homogeneous the protection of the personal data of citizens of the European Union and residents in the European Union, both inside and outside the borders of the European Union (EU). The text, adopted on 27 April 2016, was published in the European Official Journal on 4 May 2016 and entered into force on 25 May of the same year; GDPR is operational since 25 May 2018. The text also addresses the issue of the export of personal data outside the EU and obliges all data controllers (including those with registered offices outside the European Union) to process residents of the European Union data to observe and fulfill their obligations. The main objectives of the European Commission in the GDPR are to restore control of their personal data to citizens and to simplify the regulatory environment concerning international affairs by unifying and making homogeneous the privacy legislation within the EU. Since its entry into force, the GDPR has replaced the contents of the data protection directive (Directive 95/46 / EC) and, in Italy, has repealed the rules of the code for the protection of personal data (Legislative Decree no. 196/2003) incompatible with it. For more information, see also www.garanteprivacy.it/web/garante-privacy-en.
Purposes and methods of processing
The data controller of personal data is POLIS srl, registered office in via Brescia 36 - 25025 Manerbio (BS) Italy, C.F. 11512040152 and P.I. IT02152670986, R.E.A. 359723, e-mail firstname.lastname@example.org (the "Owner").
Purposes and methods of processing
POLIS srl processes Users' personal data for the following purposes:
- to register on the Site or to proceed to purchase POLIS srl goods or services through the Site and, therefore, to perform any activity connected, in particular, to the selection of products or services, to the sending of orders and/or to the relative acceptance, to the shipment, delivery and/or any exercise of the right of withdrawal and the consequent withdrawal of the goods or any other fulfillment provided for in the general conditions of sale of POLIS srl;
- to allow the use of the services reserved for registered Users as per the conditions of use of the Site in which the provision of services at the request of the User is envisaged such as alert services, sending messages to receive customer assistance, for the reservation of goods and services, for the release of reviews and comments by Users in special online forms;
- for carrying out any administrative, accounting and logistical activities related to registration on the Site, making a purchase through the Site, as well as to comply with legal obligations;
- for sending communications aimed at the promotion and/or direct sale of products or services similar to those already purchased / enjoyed by the User, without prejudice to the User's right to object at any time;
- for sending commercial communications on products and services of the Site and/or POLIS srl and/or third parties, special offers, promotions and news, coupons, by means of automated systems, e-mail (cd Newsletter), sms, mms, fax, or similar, and/or by means of the postal service (so-called marketing purposes);
- for the analysis of preferences and consumption habits and the processing of personal preferences and interests of the User through automated systems and the transmission of personalized offers through the Site, (so-called "profiling" purposes);
- for statistical and historical purposes (only with anonymous and aggregated data).
Personal data are processed with manual and electronic tools and are stored in the responsible electronic database. The personal data contained in the aforementioned automated information system, as well as those stored in the electronic archives of the Data Controller, are processed in accordance with the provisions of current legislation and the GDPR regarding security measures, in order to minimize the risks of destruction. loss, modification, unauthorized disclosure or access, accidentally or illegally, or processing that does not comply with the purpose of the collection. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. Furthermore, personal data are kept for the time necessary to achieve the aforementioned purposes, as well as to fulfill the legal obligations imposed for the same purposes.
Type of personal data processed
POLIS srl processes personal data freely entered by the User on the Site, or entered by the User through connection to social platforms (such as, in particular, personal data, tax codes, contact details, telephone and/or fax numbers, e-mail addresses , data contained in comments or reviews, etc.), as well as autonomously generated technical data (in particular, IP addresses, log files relating to navigation on the Site, purchases made, etc.).
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
Data provided voluntarily by Users
The optional, explicit and voluntary sending of e-mails or other data through the forms on this site, or through any addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request (form for the collection of consent to use data). The user is free to provide personal data contained in the computer application forms (form) to the Data Controller to access the services offered. Failure to provide them may make it impossible to obtain what is requested.
Credit card data
To make a payment on the Site by credit card, the User must enter the confidential data of the credit card (card number, holder, expiration date, security codes). These data will be acquired by the payment service provider who will act as independent data controller, without passing through the POLIS srl server. The data will be acquired in encrypted format according to the security requirements of the PCI certification. POLIS srl only will keep track of the last four digits that make up the credit card number and the expiry date exclusively to prevent any fraud in online payments. The payment service provider uses the Transport Layer Security (TLS) protocol.
Provision of data and consent to its processing - Consequences in case of failure to provide it.
The provision of data for the purposes referred to in points (a), (b) and (c) of art. 3 above is necessary and, therefore, failure to provide the personal data in question will make it impossible for the User to complete the purchase, sale, delivery and/or return procedures of the goods, to use the services reserved for registered Users. or requested by the latter from time to time as indicated in the conditions of use of the Site, as well as the performance of administrative and accounting activities by POLIS srl. Consent to the processing of personal data for the aforementioned purposes is not required, in particular, pursuant to art. 6, par. 1, lett. b), of the GDPR and of the current legislation.
In respect to the purpose referred to in point (d) of art. 3 above, consent to processing is not required under current legislation, however without prejudice to the User's right to object at any time to the sending of communications in the manner indicated below.
In respect to the purpose of the processing referred to in points (e), (f), (g) of art. 3 above, consent to the processing of personal data is purely optional, it being understood that failure to provide it will make it impossible (i) for the User to receive information and/or commercial communications relating to products and/or services of POLIS srl or third parties , including those belonging to the product sectors indicated above, and to benefit from any promotions from these offers, (ii) for POLIS srl to analyze the User's consumption habits in order to process and send specific offers based on tastes and preferences of the User.
Data communication and communication to third parties
The personal data provided by the User for the purposes described in art. 2, may be brought to the attention of or communicated to the following recipients:
- Employees and/or collaborators in any capacity of POLIS srl for the performance of administration, accounting and IT and logistical support activities;
- Private subjects, natural and/or legal persons (legal, administrative and tax consultancy firms, shippers and couriers, any IT companies, any marketing companies and any other subject) of which POLIS srl makes use in carrying out the activities referred to in points of the art. 2;
- All subjects (including Public Authorities) who have access to data by virtue of regulatory or administrative provisions.
All personal data provided by Users in relation to registration on the Site, purchase through the Site are not subject to disclosure. The personal data relating to the processing in question will not be disclosed in any way to third parties.
All the subjects listed above (natural and legal persons) have been informed and have formally accepted the POLIS srl data processing management policy.
Data retention period
POLIS srl has the right to keep the data in anonymized form for statistical and functional purposes. Furthermore, personal data is kept for the time necessary to achieve the aforementioned purposes (Article 3 Purposes and methods of processing), as well as to fulfill the legal obligations imposed for the same.
Rights of interested parties
In accordance to the GDPR 2016/679 (Chapter III rights of the interested party, articles 12 to 23) and current legislation, the User rights are:
- propose a complaint to the Supervisory and Guarantee Authority (Art. 13 and 14 GDPR 2016/679)
- obtain confirmation of the existence or not of personal data concerning him (Article 15 GDPR 2016/679) and their communication in an intelligible form, receiving them in a structured format, commonly used and legible with the possibility of transmitting them to another holder ( "Right to portability");
- obtain information: (i) on the origin of personal data, on the purposes and methods of processing, on the logic applied in case of processing carried out with the aid of electronic tools; (ii) on the identification details of the Data Controller and of the external Data Processor (s); (iii) on the subjects or categories of subjects to whom the data may be communicated or who may become aware of them as appointed representative in the territory of the State, managers or designees.
- obtain (i) the updating, rectification or integration of the data concerning him or, in the event of a dispute regarding the correctness of the data, the limitation of the processing of the same for the time necessary for the appropriate checks, (ii) the transformation anonymously or the blocking of data processed in violation of the law, including those whose retention is necessary in relation to the purposes for which the data were collected or subsequently processed, (iii) the attestation that the operations of referred to in the preceding points have also been brought to the attention of those to whom the data have been communicated or disseminated, with regard to their content, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.
- object, in whole or in part (i) to the processing of data concerning him, even if pertinent to the purpose of the collection, (ii) to the processing of personal data concerning him (Article 21 GDPR 2016/679), provided for the purposes of commercial information or sending advertising or direct sales material or for carrying out market research or commercial communication.
- obtain the cancellation without undue delay ("Right to be forgotten" Art. 17 GDPR 2016/679) in the event that the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed, have been unlawfully processed or in in the event that the User (i) requests it or (ii) completely or partially opposes the processing.
- obtain the limitation of processing (Article 18 GDPR 2016/679) in the event that the data (i) are unlawfully processed but the User opposes the cancellation of the same, (ii) they are necessary for the User to ascertain, the exercise or defense of a right, (iii) an evaluation of the legitimate reasons for processing by the Data Controller is pending.
The above rights may be exercised with a request to the Owner, at the e-mail address email@example.com with a simple request and without any reason.