Info Privacy and Cookie
Information pursuant to art. 13 of the Regulation (EU) n. 679/2016 (“GDPR”)
Bags & Bike by Massimo Cassese VAT number: 01508230560 Registered office in Location Colonia Elisabetta, Lotto 12 01016 TARQUINIA (hereinafter referred to as HOLDER ) protects the confidentiality of personal data and guarantees to them the necessary protection from any event that could put them at risk of violation .
As required by the European Union Regulation no. 679/2016 (“GDPR”), and in particular to the art. 13, below we provide the user (hereinafter referred to as INTERESTED ) the information required by law concerning the processing of their personal data.
Who we are and what data we process (article 13, paragraph 1 letter a, article 15, letter b GDPR)
BAGS & BIKE DI MASSIMO CASSESE , in the person of its legal representative pt, operates as DATA CONTROLLER of the treatment and can be contacted at firstname.lastname@example.org and collects and / or receives information concerning the interested party, such as:
|Data category||Exemplification of data types|
|Personal data||Name, Surname, Physical Address, Nationality, Province and Municipality of Residence, Landline and / or Mobile Phone, Fax, Fiscal Code, Address / s e-Mail|
|Banking data||IBAN and bank / postal data (except credit card number)|
|Data of telematic traffic||Log, IP address of origin.|
OWNER does not require the INTERESTED to provide “special” data, or, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the service requested by the OWNER imposes the processing of such data, the INTERESTED person will receive prior notice and will be asked to give the appropriate consent.
The HOLDER appointed a Head of the Protection of Personal Data ( Data Protection Officer -DPO) who can be contacted for all information and requirements:
For what purposes we need the data of the INTERESTED PARTY (Article 13, 1st paragraph GDPR)
The data are used by the OWNER to follow up the registration request and the contract for the supply of the selected Service and / or the purchased Product, manage and execute the contact requests sent by the INTERESTORATE, provide assistance, fulfill legal and regulatory obligations. which the HOLDER is held according to the activity exercised. In no case TITULAR resells the personal data of the INTERESTED PART to third parties or uses them for purposes not declared.
In particular the data of the INTERESTED will be processed for:
- a) registration and contact requests and / or information material
The processing of personal data of the INTERESTED takes place to carry out the preliminary activities and consequent to the request for registration, the management of requests for information and contact and / or sending information material, as well as for the fulfillment of any other obligation arising.
The legal basis of these treatments is the fulfillment of the services inherent to the request for registration, information and contact and / or sending of informative material and compliance with legal obligations.
- b) management of the contractual relationship
The processing of personal data of the INTERESTED takes place to carry out preliminary activities and consequent to the purchase of a Service and / or a Product, the management of the related order, the provision of the Service itself and / or production and / or the shipment of the purchased Product, the related invoicing and management of the payment, the handling of complaints and / or reports to the assistance service and the provision of the assistance itself, the prevention of fraud and the fulfillment of any other obligation arising from the contract.
The legal basis of these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.
- c) promotional activities on Services / Products similarto those purchased by the INTERESTED PART (Recital 47 GDPR )
The DATA CONTROLLER, even without your explicit consent, may use the contact details provided by the INTERESTED PARTICIPATE, for the purpose of direct sale of their Services / Products, limited to the case in which they are Services / Products similar to those object of the sale, unless the interested party does not explicitly oppose it.
- d) the commercial promotion activities on Services / Products differentfrom those purchased by the INTERESTED PARTY
The personal data of the INTERESTED PARTY may also be processed for purposes of commercial promotion, surveys and market research with regard to Services / Products that the HOLDER offers only if the INTERESTED has authorized the treatment and does not oppose this.
This treatment can be automated, in the following ways:
- telephone contact and can be done:
- if the INTERESTED has not revoked his consent for the use of the data;
- if, in the event that the processing takes place through contact with the telephone operator, the INTERESTED party is not registered in the register of oppositions referred to in the PR n. 178/2010;
The legal basis of such processing is the consent given by the INTERESTED prior to the treatment itself, which is revocable by the INTERESTED person freely and at any time (see Section III).
- e) computer security
The OWNER, in line with the provisions of Recital 49 of the GDPR, treats, also through its suppliers (third parties and / or recipients), the personal data of the INTERESTED party relating to traffic to a strictly necessary and proportionate extent to ensure the security of networks and information, ie the ability of a network or an information system to resist, at a given level of security, unforeseen events or illicit or malicious acts that compromise availability, authenticity, integrity and confidentiality of personal data stored or transmitted.
The OWNER will promptly inform the interested parties, if there is a particular risk of violation of their data without prejudice to the obligations arising from the provisions of art. 33 of the GDPR concerning notifications of violation of personal data.
The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the OWNER to carry out processing related to purposes of protection of the company assets and security of the headquarters and systems of the OWNER.
- f) profiling
The personal data of the INTERESTED PARTY may also be processed for the purpose of profiling (such as analysis of the transmitted data and the selected Services / Products, proposing advertising messages and / or commercial proposals in line with the choices expressed by the users themselves) only in the event that the INTERESTED has provided an explicit and informed consent. The legal basis of such processing is the consent given by the INTERESTED prior to the treatment itself, which is revocable by the INTERESTED person freely and at any time (see Section III).
- g) fraud prevention (recital 47 and Article 22 of the GDPR)
- the personal data of the INTERESTED PARTY, with the exception of the special (Art 9 GDPR) or judicial (Art 10 GDPR) will be processed to allow controls to monitor and prevent fraudulent payments, by software systems that perform a verification in order automated and preliminary to the negotiation of Services / Products;
- exceeding these checks with a negative result will make it impossible to carry out the transaction; the INTERESTED may in any case express his opinion, obtain an explanation or contest the decision motivating his reasons for Customer Service or contact email@example.com ;
- personal data collected for the sole purpose of anti-fraud, unlike the data necessary for the correct execution of the requested service, will be immediately canceled at the end of the control phases.
- h) the protection of minors
The Services / Products offered by the OWNER are reserved for subjects legally able, on the basis of the national reference legislation, to conclude contractual obligations.
The OWNER, in order to prevent illegitimate access to its services, implements prevention measures to protect its legitimate interest, such as the control of the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.
Communication to third parties and categories of recipients (Article 13, 1st paragraph GDPR)
The disclosure of personal data of the INTERESTED PARTY takes place primarily with regard to third parties and / or recipients whose activity is necessary for the performance of activities related to the relationship established and to meet certain legal obligations, such as:
|Company BAGS & BIKE DI MASSIMO CASSESE||Administrative, accounting and contractual obligations,|
|Third-party suppliers and BAGS & BIKE DI MASSIMO CASSESE *||Provision of services (assistance, maintenance, delivery / delivery of products, provision of additional services, network providers and electronic communication services) related to the requested service|
|Credit and digital payment institutions, banking institutions
|Management of collections, payments, refunds related to the contractual performance|
|External professionals / consultants and consulting firms||Fulfillment of legal obligations, exercise of rights, protection of contractual rights, recovery of credit|
|Financial administration, public bodies, judicial authorities, supervisory authorities and control||Compliance with legal obligations, defense of rights; lists and registers held by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance|
|Formally delegated subjects or having a recognized legal title||Legal representatives, curators, tutors, etc.|
* The OWNER imposes on the Third Party’s own suppliers and the Data Processors the respect of security measures equal to those adopted towards the INTERESTED, restricting the perimeter of action of the Manager to the treatments connected to the requested service.
The DATA CONTROLLER does not transfer your personal data to countries where GDPR (non-EU countries) is not applied except for specific indications to the contrary for which the INTERESTED person will be informed in advance and, if necessary, your consent will be requested .
The legal basis of these treatments is the fulfillment of the services inherent to the relationship established, compliance with legal obligations and the legitimate interest of BAGS & BIKE DI MASSIMO CASSESE to carry out the necessary treatments for these purposes.
What happens if the INTERESTED person does not provide his data identified as necessary for the execution of the requested service? (Article 13, paragraph 2, letter and GDPR)
The collection and processing of personal data is necessary to follow up the requested services as well as the provision of the Service and / or the supply of the requested Product. If the INTERESTED person does not provide the personal data expressly envisaged as necessary within the order form or the registration form, the HOLDER may not proceed with the processing of the requested services and / or the contract and the Services / Products connected to it, or to the obligations that depend on them.
What happens if the INTERESTED does not give consent to the processing of personal data for commercial promotion activities on Services / Products different from those purchased?
In the event that the INTERESTED does not give his consent to the processing of personal data for such purposes, said processing will not take place for the same purposes, without this having effects on the provision of services requested, nor for those for which he has already consent if requested.
In the event that the INTERESTED has given his consent and should subsequently revoke it or oppose the treatment for commercial promotion activities, his data will no longer be processed for such activities, without this having consequences or detrimental effects for the INTERESTED party and for the requested services.
How we process the data of the INTERESTED PARTY (Article 32 GDPR)
The OWNER shall use appropriate security measures in order to preserve the confidentiality, integrity and availability of personal data of the INTERESTED party and imposes similar security measures on third parties and on the Managers.
Where we process the data of the INTERESTED
The personal data of the INTERESTED PARTY are stored in paper, computer and electronic archives located in countries where the GDPR (EU countries) is applied.
How long are the INTERESTED data stored? (Article 13, paragraph 2, letter to GDPR)
Unless the latter expressly express their will to remove them, the personal data of the INTERESTED PARTY will be retained until they are necessary with respect to the legitimate purposes for which they were collected.
In particular, they will be kept for the entire duration of their registration and in any case no longer than a maximum period of 12 (twelve) months of inactivity, or if, within this period, no Services and / or purchased Products are associated the registry itself.
In the case of data provided to the OWNER for the purposes of commercial promotion for services other than those already acquired by the INTERESTED, for which he initially consented, these will be retained for 24 months, subject to revocation of the consent given.
In the case of data provided to the DATA CONTROLLER for the purposes of profiling, these will be kept for 12 months, subject to revocation of the consent given.
It should also be added that, in the event that the INTERESTED person sends to the OWNER personal data not requested or not necessary for the execution of the requested service or for the provision of a service closely connected to it, the DATA CONTROLLER can not be held responsible for these data, and will delete them as soon as possible.
Regardless of the determination of the INTERESTED PARTY to remove them, the personal data will in any case be kept according to the terms established by current legislation and / or national regulations, for the sole purpose of guaranteeing the specific requirements of some Services.
Furthermore, personal data will in any case be kept for the fulfillment of the obligations (eg fiscal and accounting) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the HOLDER will keep only the data necessary for the relative prosecution.
Except in cases where the rights deriving from the contract and / or registration, in which case the personal data of the INTERESTED, exclusively those necessary for such purposes, will be processed for the time necessary to their pursuit.
What are the rights of the INTERESTED? (Art. 15 – 20 GDPR)
THE INTERESTED has the right to obtain from the DATA CONTROLLER the following treatment:
- the confirmation that personal data is being processed or not, and in this case, to obtain access to personal data and the following information:
-the purpose of the processing;
– the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
- whenever possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
- the existence of the right of the INTERESTED to ask the DATA CONTROLLER to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
- the right to lodge a complaint with a supervisory authority;
- if the data are not collected from the INTERESTED, all the information available on their origin;
- the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the INTERESTED.
- the appropriate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred
- the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In case of further copies requested by the INTERESTED PARTNER, the DATA CONTROLLER may charge a reasonable cost contribution based on costs
- the right to obtain from the DATA CONTROLLER the correction of inaccurate personal data concerning him without undue delay
- the right to obtain from the DATA CONTROLLER the cancellation of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, among which, for example, in the case in which they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law still exist; and in any case if the treatment is not justified by another equally legitimate reason;
- the right to obtain from the DATA CONTROLLER the limitation of processing, in the cases provided for by art. 18 of the GDPR, for example where you have challenged its accuracy, for the period necessary for the OWNER to verify its accuracy. THE INTERESTED must be informed, in reasonable time, also of when the suspension period has been completed or the cause of the limitation of treatment has ceased, and therefore the limitation itself revoked;
- the right to obtain communication from the OWNER of the recipients to whom the requests for any corrections or cancellations or limitations of the processing have been transmitted, unless this proves impossible or involves an effort
- the right to receive, in a structured format, in common and automatic way, the personal data concerning him and the right to transmit such data to another DATA CONTROLLER of the treatment without impediments by the OWNER of the treatment to which he / she supplied them; cases foreseen by the art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from a DATA CONTROLLER to the other, if technically
For any further information and in any case to send your request you must contact the OWNER at firstname.lastname@example.org . In order to ensure that the rights mentioned above are exercised by the INTERVENTER and not by unauthorized third parties, the HOLDER may request the same to provide any additional information necessary for the purpose.
How and when can the interested party oppose the processing of their personal data? (Article 21 GDPR)
For reasons relating to the particular situation of the INTERESTED PARTY, the same may oppose at any time the processing of their personal data if it is based on legitimate interest or if it takes place for commercial promotion activities, sending the request to the DATA CONTROLLER at info @ bags -bike.com.
THE INTERESTED PERSON has the right to cancel his personal data if there is no legitimate overriding reason for the HOLDER with respect to the one that gave rise to the request, and in any case in case the INTERESTED has opposed the treatment for commercial promotion activities.
To whom can the interested party submit a complaint? (Article 15 GDPR)
Without prejudice to any other action in administrative or judicial proceedings, the INTERESTED person may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or the one carrying out its duties and exercising its powers in the Member State where the GDPR violation took place.
Each update of this Information will be promptly communicated and by means of appropriate means and will also be notified if the DATA CONTROLLER processes the data of the INTERESTED for further purposes than those referred to in this Notice before proceeding and following the manifestation of the relative consent of the INTERESTED if necessary.
General information, deactivation and management of cookies
Cookies are data that are sent from the website and stored by the internet browser on the computer or other device (for example, tablet or mobile phone) of the user. Technical cookies and third-party cookies may be installed on our website or by sub-domains.
In any case, the user can manage, or request general deactivation or cancellation of cookies, modifying the settings of his internet browser. This deactivation, however, may slow down or prevent access to some parts of the site.
The settings to manage or disable cookies may vary depending on the internet browser used, therefore, for more information on how to perform such cookies
operations, we suggest you to consult the manual of your device or the “Help” or “Help” function of your internet browser.
Below are the links to the Users that explain how to manage or disable cookies for the most popular Internet browsers:
- Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Opera: http://help.opera.com/Windows/10.00/it/cookies.html
- Safari: https://support.apple.com/kb/PH19255
The use of technical cookies, that is cookies necessary for the transmission of communications on the electronic communication network or cookies strictly necessary to the supplier to provide the service requested by the customer, allows the safe and efficient use of our site.
Session cookies may be installed in order to allow access to and access to the reserved area of the portal as an authenticated user.
Technical cookies are essential for the proper functioning of our website and are used to allow users normal browsing and the opportunity to take advantage of the advanced services available on our website. The technical cookies used are distinguished in session cookies, which are stored exclusively for the duration of navigation until the browser is closed, and persistent cookies that are saved in the user’s device memory until their expiration or cancellation by the user same. Our site uses the following technical cookies:
- Technical browsing or session cookies, used to manage normal browsing and user authentication;
- Functional technical cookies, used to store customizations chosen by the user, such as, for example, the language;
- Technical analytics cookies, used to know the way in which users use our website so as to be able to evaluate and improve the service
Third-party cookies may be installed: these are cookies, analytical and profiling, Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookies are sent from the websites of the aforementioned third parties external to our site.
The analytical cookies of third parties are used to detect information on the behavior of users on the site. The survey takes place anonymously, in order to monitor the performance and improve the usability of the site. Third-party profiling cookies
parts are used to create profiles related to users, in order to propose advertising messages in line with the choices expressed by the users themselves.
The use of these cookies is governed by the rules set by the third parties themselves, therefore, users are invited to view the privacy policies and indications to manage or disable cookies published on the following web pages:
For Google Analytics cookies:
- indications to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
For Google Doubleclick cookies:
- indications to manage or disable cookies: https: // www. go com / settings / ads / plugin
For Criteo cookies:
- indications to manage or disable cookies: http://www.criteo.com/it/privacy/
For Facebook cookies:
- indications to manage or disable cookies: https: // www. does com / help / cookies /
For CrazyEgg cookies:
- indications manage or disable cookies: https: //www.crazy com / cookies /
For Rocket Fuel cookies:
- indications to manage or disable cookies: http://rocketfuel.com/it/cookie-policy/
For Youtube cookies:
- indications to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
For Yahoo cookies:
For Bing cookies:
They can be installed by the TITULAR / s, through web analytics software , profiling cookies, which are used to prepare detailed and real-time analysis reports on information about: visitors to a website, search engines search of origin, keywords used, language of use, most visited pages.
The same can collect information and data such as IP address, nationality, city, date / time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits.
Such data may be transferred to each of the BAGS & BIKE DI MASSIMO CASSESE Companies , in compliance with and with the limitations imposed by current legislation and the provisions of this Information Notice .