General Data Protection under Regulation UE 679/2016
According to the regulations indicated, the data processing will be be based on the principles of propriety, lawfulness, transparency and protection of User’s privacy and rights.
This policy is for the Users who interact with Alma fashion’s Web Site and it is under the UE regulation related to the “physical person with regard to the personal data and to the free circulation of such data” and to the Cookie regulation on the net and particularly to the issuing of the Measure by the Authority responsible for Privacy published on 8th May 2014 “finding simplified ways for the policy and obtaining informed consent for the use of the Cookies” and the subsequent “clarifications on the application of the regulation for the Cookies” issued on 5th June 2015.
The regulation outlines only the management procedures of the Web Site, with regard to the processing of the User’s personal data who check the web site and not for the external web site that the Users can check through links on such web site. Further informations could be provided inside specific sections.
1. Kind of the processed data and processing purposes.
1.1 Navigation data
The informatic systems and the applications for the operation of this web site collect, during their normal operation, some personal data which transmission is implicit in the use of internet communications protocols.
We are dealing with informations that are not collected in order to be associated with identified interested parties but that could, for their nature, allow the User’s identification through elaboration and combination of data collected by third parties.
The collected data include address IP or computer domain names used by the Users who get connected, Uri notation addresses ( Uniform Resource Identifier) of the resources required, the time of the request, the method used to submit the request to the server, the file size obtained in response, the numeric code that indicate the status of the answer given by the server (success, error, etc) and other parameters related to the operational system and User’s IT environment.
These data are processed for the time necessary to fulfil the purposes for which they are collected, for the only purpose to obtain anonymous statistic informations on the use of the web site and to control the smooth functioning.
The data could be used for the assessment of responsability in case of potential cyber crime against the web site.
1.2 The data are provided on a voluntary basis.
The sending of emails to the addresses indicated on the web site (in order to ask informations) involves the acquisition of the sender’s address and any further information in the email.
Such data will be processed only in order to complete the request and communications to third in case it is necessary to fulfil the User’s request (for example for the shipment of the documents required).
If the Users are asked to submit the personal data in order to have access to specific services, it will be provided in advance the detailed policy on the data processing under the existing legislation specifying limits, purposes and modalities of the processing.
Cookies are small text files that the visited web site send to the User’s computer (to the browser), where they are stored in order that this device will be recognised for the next visit of the User on the web site.
On each later visit, cookies are re-sent from the User’s device to the web site.
Cookies can be “installed” (more precisely stored and accessed), not only from the operator of the web site (first-party cookies) but also from a different website that installs cookies through the first website(third-party cookies) and that is able to recognise them. This happens because on the visited web site, may be present elements (images, maps, sounds, links to website of other domains, etc) residing on servers different to the one visited.
On the basis of the purposes, cookies are distinguished on technical cookies and profiling cookies.
The technical cookies are “installed” with the only purpose to carry out the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.
They are usually used in order to enable an efficient navigation between the pages, store the informations on specific configurations of the User’s, manage the authentication , etc. Some of these cookies (called essential or strictly necessary) as the session cookies that are used to manage the basket on the e-commerce web site that enable functions without which it wouldn’t be possible to carry out any operations.
The use of the technical cookies do not require the User’s consent.
The Cookies cd. “analytics” are assimilated to the technical cookies (for the relative installation it is not required the User’s consent nor the further legal requirements).
They are used to monitor the use of the website from the Users in order to optimise it – if used directly from the web site first -party (without the intervention of third party), as well as the analytics cookies realised and made available from third parties and used by the web site first party for only statistical purposes, if suitable instruments are used to reduce the identifying power (for example through masking significative parties of the IP address) and the third party undertakes to not “cross” the informations contained in those cookies with other held.
The profiling cookies are used to track the User’s navigation and analyse the User’s behaviour for marketing purposes and they are used to create profiles related to the User and to send advertisements in line with the preferences showed during the navigation in the net. Such Cookies can be installed on the User’s terminal equipment only if the User expressed his/her consent with the modalities indicated on the Measure. According to their duration, cookies can be distinguished in persistent Cookies (they are stored on the User’s device untill their expiry unless they are removed by the User) and session Cookies (they are not persistently stored on the User’s device and they expiry with the Browser closure). Prifiling Cookies are generally persistent Cookies.
Cookies used on the web site
This web site use only technical cookies in order to allow a safe and effective navigation on the web site and to monitor the functioning.
How to delete the cookies
Most of the browser webs are set to accept automatically first-party cookies. The users can modify the default configuration through the browser settings; the disablement/blocking of the cookies or their deletion could prevent the use of the web site or certain areas. The way of handling cookies depends on the browser used and usually from the specific version of the browser.
In any case, it’s usually necessary to access browser settings and to intervene in default settings to decide which type of cookies you want to disable and/or remove the existing ones. The detailed information on the procedure to configure settings on the cookies could be found in the browser handbook (it is usually accesible by the computer through F1 button or clicking on the question-mark icon). Below you also find some link with handbooks for the cookie delating:
Google Chrome Chrome https://support.google.com/chrome/answer/95647?hl=it
Internet Explorer http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-10
2. Modalities of the processing
The processing of the personal data is done through automated tools (using for example procedures and electronic devices) and/or by hand (for example on paper documents) for the period of time strictly necessary to fulfil the purposes for which the data have been collected and, however, in accordance with the existing legislations. The data processing will be processed with logics of organisation and elaboration related to the purposes and so as to guarantee security, integrity and confidentiality of such data according to the organisational, physics and logical measures provided for by existing laws.
3. Providing data is voluntary
Unless the abovementioned regarding navigation data and cookies, the User is free to provide his/her personal data, such as requests for infomartion or contact request sent by email or requests for the access to services, utilities and application freely chosen. Not providing the personal data can lead to the impossibility to obtain the requests and can prevent Alma Fashion from fulfilling the contractual obbligations according to the contract.
4. Controller, processor and group concerned
The controller of the Personal data is Alma Fashion srl located in Forlì- via Barsanti 39.
The processes linked to the web services of this web site are managed by technical personnel, processor.
Some processing operations of the Personal data can be managed also by third party, beside controller’s employees, to whom the company entrust the maintenance/management of the activity. In this case, the subjects will be nominated processors. The informations related to the processors are easily available sending an email to the address firstname.lastname@example.org
The data are not subject of disclosure.
5. Rights of the data subject
The data subject has the right, at any time, to obtain the confirmation of the data existence and to know the content and the origin, to verify their accuracy or ask for the update or the integration, or rectification. The data subject has also the right to request the deletion, the transformation into anonymous form or the blocking of his/her data unlawfully processed, as well as the right to object to the processing for legitimate reasons.
In accordance with art. 13 GDPR EU, the data subject has always the right to know the identity and the contact of the controller and, if necessary, the contact of his/her representative, the contact of the processor, the purposes of the processing to which the personal data are designed as well as the legal basis for the processing, the legitimate interest pursued by the controller or by third party nominated as controller, possible recipients or categories of recipients, the data retention period and the controller’s intention to transfer the personal data to a third State or to an international organisation. The subject data, in accordance with ar. 13 GCPR UE 679/2016, can also exercise the right:
- To have access to the personal data;
- To obtain the rectification, deletion of the data or the limitation of the processing;
- To object to the processing;
- To use the data portability ;
- To revoke the consent, at any time, without affecting the lawfulness of processing based on the consent given before the revocation;
- to lodge a complaint with a supervisory authority, Garante Privacy for Italy ;
- to be informed about the possibility that the communication of the personal data can be a legal or contractual obbligation or a necessary condition for the conclusion of a contract and to know if the data subject is required to provide his/her personal data as well as the possible consequences of failure to provide such data;
- to be informed about the existence of an automatic decision-making process, including the profiling and in such cases to receive relevant informations about the logic used as well as the importance and the consequences of the processing for the data subject.
- In accordance with art. 14 GDPR UE where the personal data are not collected from the data subject, the controller should provide the data subject with the following informations:
- Identity and contact of the controller and, if applicable, of his/her representative;
- Contact of the processor, if applicable;
- The purposes of the processing to which the personal data are designed as well as the legal basis for the processing;
- The categories of such personal data;
- possible recipients or categories of recipients of such personal data;
- if applicable, the controller’s intention to transfer the personal data to a third State and the existence or the absence of an adequacy decision of the European Commission or in the necessary cases the reference to adequate or opportune guarantees and the ways to obtain a copy of such data or the place where they are made available.
- in addition to the information referred to the paragraph 1, the controller should provide the data subject with the following informations necessary to guarantee a proper data processing in respect of the data subject.
- the data retention period or, if not possible, the criteria used to determine such period;
- the legitimate interests of the controller or third party;
- the existence of the right of the data subject to ask the controller the access to the personal data or the rectification or the deletion of such data or the restriction of processing and to object to the processing, as well as the right to data portability.
- The existence of the right to revoke the consent at any time without compromising the lawfulness of the processing based on the consent given before the revocation;
- The right to lodge a complaint with a supervisory authority, Garante Privacy for Italy ;
- The source of the personal data and the possibility that the personal data come from publicly available sources;
- the existence of an automatic decision-making process, including the profiling and in such cases to receive relevant informations about the logic used as well as the importance and the consequences of the processing for the data subject.
- The controller ALMA FASHION SRL should provide the informations referred to the above paragraphs 1 and 2:
- within a reasonable period after obtaining the personal data but within one month at the very latest, having regard to the specific circumstances in which the personal data are collected;
- in the event that the personal data are intended for the communication with the data subject, at time of the first communication to the data subject at the very latest, or in case of communication to other recipient, no later then the first communication of the personal data.
- Where the controller has the intention to further process the data for a purpose other than for which they were collected, the controller should provide the data subject prior to that further processing with information on that other purpose and other necessary information indicated in paragraph 2.
If any further information are necessary regarding the data processing, the users can send an email to email@example.com