This page is intended to inform visitors of the site of the methods of processing and management of personal data transmitted or otherwise acquired by the Owner Erboristeria Gaudium during navigation.
This information applies only to this site and does not extend to other websites that may be consulted via hyperlink.
In compliance with the provisions of articles 13 and 14 of the European Regulation 679/2016 concerning the protection of personal data of natural persons and taking into account the Recommendation no. 2/2001 of the Group established by art. 29 of Directive 95/6 / EC with regard to the minimum protection requirements for online data collection in the European Union, we inform you of the following.
Via Pierluigi da Palestrina 1, 20124 Milano MI
Type of data processed by our site and recipients
While browsing the www.myerboristeriamilano.com site, the following data are acquired and processed by the Data Controller, independently or through third parties:
- Navigation data
It is that personal data transmitted and automatically purchases with the mere connection to the site.This information is not collected by itself in order to identify the user, but by their very nature could actually allow identification.These are the IP addresses, the domain names of the computers or mobile devices used for the connection, the addresses in the URI (Uniform Resource Identifier) notation of the requested resources, the connection and request time, the request method and each another parameter related to the user’s operating system and its IT environment.
The recipients of this data are DHH Italia Srl (Artera)
- Data identifying the interested party voluntarily provided by the same
The personal identification data are provided voluntarily by the interested party and allow direct identification; it is, by way of example, the name, surname, address, date of birth, social security number, telephone number, e-mail address. These data must be provided voluntarily and explicitly by the user by filling in forms and are subsequently acquired by the Data Controller for the purposes of the processing and for those authorized by the data subject.
This type of data includes those that may be transmitted by the interested party in specific sections of the site for the purposes related to the purpose of the section itself and always prior consent from the interested party to the specific purpose (for example contact form or mailing list request) .
The interested party always assumes the responsibility of the personal data of third parties obtained, published and shared on our site and guarantees to have the right to communicate and disseminate them, freeing the holder from any responsibility towards the third parties in question.
Recipient of the data is the owner, who informs the data subject with specific privacy information and acquires the consent to the processing where necessary.
- Data identifying the data subject supplied via Cookies
Legal basis of the processing
The legal basis of the processing is the consent freely given by the user concerned at the time of providing his data and / or the need to execute the contract with the Owner.
The latter treats lawfully the data also to fulfill a legal obligation to which it is subject, where necessary to safeguard vital interests of the data subject or other physical person and where necessary to perform a task of public interest or connected to the exercise of public powers of which the owner was invested (Article 6 EU Regulation 2016/679).
The user is always entitled to know the concrete legal basis of the processing of his data by sending an express request to the contact details of the owner.
Purpose of the treatment
The user’s data are acquired and processed in order to provide their services and ensure the fulfillment of the contract signed with the interested party or fulfill any pre-contractual requests forwarded by the same (for example, the preparation and submission of an estimate).
The data are also purchases and processed for the following purposes: integration with social networks, external platforms and third parties (facebook, twitter, google +), profiling and statistics, communications with the user, viewing the content of external platforms (youtube and google maps) and interaction with them.
Methods of processing and details of the services used
The processing by the owner of the data acquired through the site and for the purposes identified above is through the use of computer and / or telematic tools, rarely paper and through management software.
The Data Controller handles the sending of mailing lists and / or newsletters only upon express consent to the processing by the user. The data collected are: e-mail address, name and surname. To unsubscribe from our newsletter, consult the newsletter, or contact the owner.
The Owner manages the online sale of physical products. By making a purchase in our online shop, the user registers automatically at the site. In fact, you can view and manage your orders, modify your personal data. To cancel the registration, contact the owner directly. The payment service is entrusted to third parties: Paypal and Gestpay.
The Owner manages the interaction with social networks and other external platforms through Like button and social widgets of FacebookP (Facebook, inc.) e Google+ social button and widget(Google, inc.), without the acquisition of user data. The interaction options are based solely on the owners of the social platforms.
The Owner uses the Tourmake’s service to show the internal tour of the store. This service is not directly integrated into the site, but on the Contact page you find the button that redirects to the Tourmake website.
The Data Controller has adopted appropriate technical and organizational measures to guarantee the protection of the data processed in compliance with current legislation, as well as an adequate security policy which includes training of the personnel in charge of the treatment so that the same ensures that the treatment is always carried out insecurity.
In case of appointment of data processors (for example hosting providers, IT companies, suppliers in general), the Data Controller ensures that they constantly operate in compliance with the provisions of the Law by adopting appropriate technical and organizational measures to protect the rights of the data subject.
Time and place of data retention
Personal data collected from this site are processed at the headquarters of the owner.
The data may be transferred to third parties and third countries outside the European Union only with the express consent of the user concerned and according to the procedures and purposes already indicated above. The user has the right to know in detail the security measures taken by the Data Controller to protect the data transmitted to third parties and outside the EU by sending a specific request to that effect at the extremes reported at the beginning.
Periodo di conservazione
User (interested party) rights
– The data subject is always entitled to access the data concerning him / her that are treated by the site, request correction and updating as well as the cancellation or limitation, unless it conflicts with the legal obligations of the owner (for example related to tax and taxation).
– The interested party has the right to oppose the processing without legal basis and for marketing purposes only (Article 21 EU Regulation 679/2016).
– The data subject has the right to the portability of data concerning him for the purpose of transmitting them from one data controller to another, according to the provisions of the Law (Article 20 of EU Regulation 679/2016).
– The interested party has the right to revoke the consent to the processing at any time without prejudice to the lawfulness of the treatment based on the consent previously given and in any case unless the treatment is imposed on the holder to comply with legal obligations.
– The interested party has the right to lodge a complaint with the Guarantor for the protection of personal data in any case in which he believes that the rights he enjoys under Italian and EU legislation regarding the protection of personal data have been violated.
– Where the Data Controller uses automated decision-making processes that produce legal effects on the data subject or has a similar impact on his / her person, in exercising his / her activities and for the purpose of contacting him / her, the data subject has the right to know in each the moment in which the logic on which these processes are based, as well as the importance and the expected consequences for this treatment in their regard.
– In carrying out its activity, the Data Controller performs the data of the interested profiling activity, intended as the use of such data to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, the reliability, behavior, location or movements of the person concerned. The activities carried out by the site have been explained above, as well as the fact that they are based on the consent freely given by the user.
– The owner transfers to third parties and transfers to countries or international organizations in whole or in part the personal data of the interested party, in the presence of specific consent by the same and ensuring in any case adequate data protection in accordance with relevant legislation of personal data protection, as specified above. The interested party is informed of the appropriate guarantees adopted by the Data Controller to ensure constant data protection and to assure the data subject of the exercise of his rights, as well as the place where his data are available and the means to obtain a copy.
The interested party exercises his rights by sending emails to firstname.lastname@example.org or by calling +39 0266703620
This information is prepared in compliance with the principles of the 2016/679 EU regulation and of the recommendation n ° 2/2001 of the working group established by the art. 29 of the directive n ° 95/46 / CE.