Legal basis and purpose of the processing
The Data Controller processes the personal data for the following purposes:
- to allow the User to register in the reserved area and to carry out all the purchase procedures, and also to allow the Data Controller to carry out all the administrative, commercial, accounting and tax activities arising from online sales and, more generally, to comply with all the legal requirements;
- upon specific and express consent, to use the contact details of the Data Subject (email address, landline and mobile telephone number, postal address) to carry out opinion polls and satisfaction surveys on the quality of the products and services offered by SCARPA, to transmit commercial communications containing information on products or services, as well as promotions or invitations to events in which the Data Controller will participate. For this purpose, express consent is required, which may be given and withdrawn even for only some of these activities by writing to the email address below (hereinafter “Marketing Purposes”).
The Data Controller intends to process the data according to the following time criteria:
- once the purchase has been completed, in order to fulfil all related or ensuing obligations, for the period of time prescribed by law and according to the period of prescription of the rights arising from the commercial relationship, without prejudice to further retention for the time necessary to resolve (or settle) any disputes that may have arisen;
- for the purposes referred to in point 2), the data will be processed for twenty-four months from the last communication, regardless of the channel used: the Data Subject may withdraw the consent or however oppose the processing at any time.
The provision of data for the purposes referred to in point 1) is necessary, and therefore any refusal to provide said data in whole or in part may make it impossible for the Data Controller to pursue the above purposes. The provision for further purposes is optional: failing this, the Data Controller may not be able to carry out the corresponding activities, but will still be entitled to pursue the purposes referred to in point 1).
Categories of recipients
The Data Controller will not disclose the data, but may communicate them to people within the company who have been authorised to process said data as part of their duties, as well as to companies in charge of running the website, creating promotions and/or commercial communications, credit institutes, carriers/couriers, companies that handle the sending of promotional and advertising materials, companies that manage and maintain our archives (computer and/or paper), professionals or service companies, and public and private bodies, even following inspections and audits.
Should these recipients process data on behalf of the Data Controller, they will be appointed as Data Processors through an appropriate agreement or legal document.
Transfer of data to a third country and/or international organisation
To send the newsletter, the Company uses an external platform, whose servers are located in the United States. It should be noted that the provider declares its adherence to the agreement called Privacy Shield, which the European Commission considers to guarantee appropriate security measures.
Rights of Data Subjects
Data Subjects shall have the right to request the Data Controller to access their personal data and to rectify any inaccuracies, to erase them or limit their processing if the requirements are met, to object to their processing for legitimate interests pursued by the Data Controller, as well as obtain the portability of personal data only if they have been processed by automated means based on consent or on a contract. The Data Subject also has the right to withdraw the consent given for the processing purposes that require it, without this affecting the lawfulness of the processing carried out until the moment of withdrawal.
Data Subjects can exercise their rights by completing the form available here and sending it to the Data Controller at the email address: email@example.com. The Data Subject also has the right to lodge a complaint with the competent Supervisory Authority, i.e. the Italian Data Protection Authority (www.garanteprivacy.it).