PRIVACY
Privacy Policy
Please carefully read this Privacy Policy (hereinafter referred to as the "Policy") provided to users of the website www.delcore.com (hereinafter referred to as the "Site"). This Policy is prepared in accordance with Article 13 of the European Regulation No. 2016/679 ("GDPR"), and it outlines all the details regarding the processing of your data and how it is used.
1.DATA CONTROLLER
Kassandra S.r.l, with registered office at Via Vittor Pisani, 20, 20124 Milan, Tax ID and VAT number 10918320960 (hereinafter, the "Controller"), available at the following email address: [email protected]
2. PERSONAL DATA SUBJECT TO PROCESSING
The Controller will process the following personal data:
a) Data voluntarily provided by the user: Through the Website, Users have the option to voluntarily submit personal information, such as when creating an Account ("Account"), making a purchase without registration, subscribing to the newsletter, receiving information from the Controller through the appropriate "Contact" section, etc. In this context, the Controller processes, by way of example and not exhaustively, the following personal data: name, surname, date of birth, address, email address, phone number, order number, and any additional information transmitted through a support request.
b) Payment Information: The Website allows payments to be made through various payment platforms. In this context, the Controller processes the following data: the unique identifier of the User, payment details (e.g., payment date and time), the last four digits of the credit card, transaction data limited to the identification of the transaction itself. The Controller clarifies that, except for the aforementioned information, additional data related to payments made by the user are not processed in any way by the Controller but solely and directly by the chosen payment platform provider, which acts as an independent data controller. For more information, please refer to the general terms and conditions of the chosen payment platform provider, as well as its privacy policy regarding the processing of personal data.
c) Third-Party Data: If you decide to provide us with third-party data, please ensure that these individuals have been previously and adequately informed about the methods and purposes of the processing described herein. In this regard, you act as an independent data controller, assuming all legal obligations and liabilities.
d) Data Collected Using Cookies or Similar Technologies: For further information, please refer to the Cookie Policy.
e) Technical Data: This category of data includes the IP addresses or domain names of the devices used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used when submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the User's operating system and computer environment. This data is used solely for statistical information purposes (therefore, it is anonymous), to check the proper functioning of the site, and is deleted immediately after processing. The data may be used to ascertain responsibility in the event of hypothetical computer crimes against the Website: except for this possibility, web contact data is not stored for more than 7 days.
3. PURPOSES OF PROCESSING, LEGAL BASIS, AND PERIOD OF RETENTION OF PERSONAL DATA
3.1. Account Creation and Newsletter Service Activation
The data collected during the registration of the Account is processed solely to enable users to fully utilize the services and functionalities of the Website, specifically for the following purposes:
I. For purposes related to the creation and management of the Account and to activate the Newsletter service;
II. For administrative, accounting, and legal purposes related to the management of the Website;
III. For customer support and fraud management and prevention purposes.
Please note that creating an Account and activating the Newsletter service is optional, as users can access the services offered through the Website even as non-registered users. However, if the necessary data for the above-mentioned purposes is not provided, it will be impossible to create a personal Account, and consequently, the provision of services reserved for users with such an Account (e.g., "Address Book," "Order History," Wishlist, etc.) and receiving the Newsletter services will be precluded.
Legal Basis: Involvement of the Data Subject in the performance of a contract or pre-contractual measures. (Art. 6(1)(b) of the GDPR).
Retention Period: Your data will be retained until the Account is deleted and subsequently, where strictly necessary, for the applicable prescription period as provided by Art. 2947, paragraphs 1 and 3, of the Civil Code.
With respect to the Newsletter Service, please be reminded that you can unsubscribe at any time by clicking the button provided at the end of each communication.
We hereby inform you that, in the event of no access to your personal area for a period exceeding 24 months, we will delete your Account and all your personal data, except where further retention of such data is necessary to fulfill legal obligations and/or protect our legitimate interests. Before proceeding with the deletion of your Account, we will contact you to inquire whether you wish to keep it active. In the absence of a positive response or any response, we will proceed with the Account deletion, making it impossible for you to access it with your previous credentials, and you will need to create a new Account.
3.2. Purchase of Products, Related Payments, and Management of Return Requests
In this context, we process your personal data:
i. For purposes related to order management (including, if applicable, return requests) and payments made through the Website;
ii. For related administrative, accounting, tax, and legal purposes;
iii. For customer support purposes, including addressing any complaints or reports from you.
Please be informed that the processing of your data for the above-mentioned activities and purposes is essential, and failure to provide the necessary information will preclude you from completing the purchase.
Legal Basis: Involvement of the Data Subject in the performance of a contract or pre-contractual measures. (Art. 6(1)(b) of the GDPR).
Retention Period: The statutory limitation period (ten years from data provision), subject to additional retention periods determined based on the necessity to protect our legitimate interests (e.g., in the event of handling complaints and/or disputes through judicial and/or extrajudicial means).
3.3. Direct Marketing
We process your personal data, with your prior free, specific, and informed consent, to keep you updated on our promotional, commercial, and advertising initiatives, events, initiatives, or partnerships (e.g., newsletters), as well as to conduct market research and user satisfaction surveys, in accordance with the provisions of the Italian Data Protection Authority's resolution "Guidelines on promotional activities and the fight against spam – July 4, 2013 [2542348]."
If you decide to give your consent, please be informed that these activities may be carried out, as provided by the current regulations, through postal mail, telephone contacts with an operator ("traditional methods"), email, SMS, push notifications, and social media usage ("automated methods"). In this regard, we clarify that, with the exception of push notifications, we will collect a single consent for the marketing purposes mentioned above, in compliance with the aforementioned Guidelines. Additionally, we will process your data to perform analysis and reporting activities related to promotional communication systems, such as detecting the number of opened emails, clicks on links within the communication, the type of device used to read the communication, the corresponding operating system, or the list of subscribers who have unsubscribed from the newsletter.
In the absence of your specific consent, we will not process your personal data for direct marketing purposes and, therefore, will not be able to inform you about new products and/or ongoing promotions. However, please note that consent is entirely optional and voluntary. Therefore, even if you do not provide your consent for marketing purposes, you can still use all the features and services of the Website.
Please note that you can revoke your consent for the processing of your personal data for direct marketing purposes at any time by changing your preferences in the "Unsubscribe" section of the website or by following the procedures described in point 6 of this Privacy Policy. The revocation of your consent will not affect the lawfulness of processing carried out based on your consent before its revocation.
Legal Basis: Data Subject's consent (Art. 6(1)(a) of the GDPR) and the Controller's legitimate interest (Art. 6(1)(f) of the GDPR) in tailoring the Newsletter service to the user’s needs and improving the effectiveness of our marketing campaigns.
Retention Period: Your personal data processed for direct marketing purposes will be retained until the date of your consent revocation. As for Newsletters, please be reminded that you can unsubscribe at any time by clicking the button provided at the end of each communication.
Regarding the data derived from analysis and reporting activities related to promotional communication systems, such as detecting the number of opened emails or clicks on links within the communication, these will be retained for a maximum of 24 months from the time of their collection.
3.4. Soft Spam
We process your email address provided at the time of Account registration to send you commercial communications regarding products similar to those you have purchased (so-called "soft spam").
Legal Basis: Controller's legitimate interest (Art. 6(1)(f) of the GDPR and Art. 130, fourth paragraph, of Legislative Decree 196/2003 Privacy Code).
Retention Period: Your data will be processed until you object to receiving such communications. Please be reminded that you can object to this processing at any time following the procedures described in point 6 of this Privacy Policy.
3.5. Responding to Requests Sent through the "Contacts" Section
By accessing the "Contacts" section, you have the possibility to submit an information request and/or make a report.
Legal Basis: Involvement of the Data Subject in the performance of a contract or pre-contractual measures. (Art. 6(1)(b) of the GDPR).
Retention Period: Your personal data will be processed for the time strictly necessary to fulfill the information request and/or verify the reported matter, but in any case, it will not be retained for more than 24 months.
3.6. Compliance with Legal Obligations
The Controller may need to process your personal data to comply with legal obligations it is subject to.
Legal Basis: Compliance with legal obligations to which the Controller is subject (Art. 6(1)(c) of the GDPR).
Retention Period: Your personal data will be processed for the time strictly necessary to comply with the legal obligations to which we are subject, and in any case, it will be retained for a maximum period of 10 years.
3.7. Technical Management of the Website
The Controller may need to process your personal data to ensure the proper technical management of the Website.
Legal Basis: Controller's legitimate interest (Art. 6(1)(f) of the GDPR).
Retention Period: Your personal data will be processed for purposes related to the technical management of the Website for the time strictly necessary to achieve this purpose and, in any case, for a period not exceeding 12 months.
3.8. Assert, Exercise, or Defend Rights or Interests
We may need to process your personal data to enable us to assert, exercise, or defend the rights or interests of the Controller and/or third parties in judicial and/or extrajudicial proceedings or whenever judicial authorities exercise their functions.
Legal Basis: Controller's or third parties' legitimate interest (Art. 6(1)(f) of the GDPR).
Retention Period: Your personal data will be processed for the applicable prescription period as provided by Art. 2947, paragraphs 1 and 3, of the Civil Code.
3.9. Facilitate Potential Mergers, Asset Transfers, Business Transfers, or Divestitures by Disclosing and Transferring Your Personal Data to the Involved Third Party/Parties
We may need to process your personal data to carry out extra-ordinary operations such as mergers, acquisitions, divestitures, transfers of business units, etc.
Legal Basis: Controller's legitimate interest (Art. 6(1)(f) of the GDPR).
Retention Period: Your personal data will be processed for the time strictly necessary to complete the operation(s).
4. PERSONAL DATA RECIPIENTS
For the purposes described above, your personal data may be shared with the following (Recipients):
• Employees and/or collaborators of the Controller authorized and/or appointed to process personal data;
• Delegates and/or individuals appointed by the Controller to perform activities strictly related to the pursuit of the aforementioned purposes (including technical management and maintenance of information systems, and Website management), duly designated as data processors;
• Providers of payment platforms connected to the Website (e.g., PayPal, Stripe, Sofort/Ideal, Amazon Pay, Apple Pay, Google Pay, Scalapay, Clearpay), with whom the Controller has entered into specific agreements to regulate matters concerning the protection of personal data;
• Individuals or companies carrying out activities strictly related to promotional, commercial, and advertising services, duly appointed as data processors;
• Persons, companies, or professional firms providing assistance and consultancy services to the Controller, duly appointed as data processors, where necessary;
• Subjects, entities, or authorities to whom the communication of your personal data is mandatory by virtue of legal provisions or orders of competent authorities;
• Third parties within the context of any extraordinary operations involving La Piadineria;
• Other companies within the Controller's group or otherwise affiliated with the Controller.
Under all circumstances, only the necessary and relevant data will be communicated to the mentioned parties in relation to the purposes of the processing for which they are responsible.
Your personal data may be transferred outside the European Economic Area (EEA). The transfer of your personal data outside the EEA will be carried out in full compliance with the applicable data protection laws and guidelines and recommendations issued by the competent Supervisory Authorities, including the "Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data" and "Recommendations 2/2020 on European Essential Guarantees for surveillance measures" issued by the European Data Protection Board (EDPB).
In particular, concerning the management of payment platforms integrated with the Website, your personal data may be subject to transfer to a country outside the EEA by the chosen payment platform provider, who acts as an independent data controller. We hereby inform you that such transfer, if it occurs, will be based on adequate safeguards, including, if applicable, the Standard Contractual Clauses for data protection issued by the European Commission. In any event, for more details, please visit the institutional web page and carefully read the privacy policy of the chosen payment platform provider to make the payment.
5. Automated Decisions
Under no circumstances will the personal data collected for the above-mentioned purposes be subject to automated processing, including profiling, as referred to in Article 22 of the GDPR.
6. Data Subject Rights
Consistent with the provisions of the GDPR, and subject to the conditions established by law, the Data Subject has the right to request the Controller, at any time, access to their Personal Data, correction, or cancellation of the same, or to object to their processing. The law also grants you the right to request the restriction of processing in the cases provided for in Article 18 of the GDPR.
In cases falling under Article 20 of the GDPR, the Data Subject has the right to receive, in a structured, commonly used, and machine-readable format, the data concerning them, and, if technically feasible, to transmit such data to another controller without hindrance.
You also have the right, under Article 7(3) of the GDPR, to withdraw your consent at any time through the appropriate section on the Website "Unsubscribe," or by sending an email to the following address: [email protected]
In any case, requests regarding your rights and/or seeking further clarifications may be addressed to the Controller at the aforementioned email address.
Finally, we remind you that you always have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), in accordance with Article 77 of the GDPR, if you believe that the processing of Personal Data is not in compliance with the applicable regulations.
7. Updates
This Privacy Policy was published on September 20th, 2023 and may undergo changes over time, including, in connection with the possible entry into force of new sector regulations, the update or provision of new services, or the occurrence of technological innovations. We will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published. Therefore, we invite you to regularly visit the "Terms and Conditions > Privacy" section of the Website to stay informed about the latest and updated version of the Privacy Policy regarding the processing of personal data, so that you are always informed about the data collected and how we use it.