This page describes how the information contained on the website www.everydayforfuture.it is managed, with reference to the processing of personal data of the users who consult it or who access the e-commerce service by registering and purchasing products online.
The “DATA CONTROLLER”
After browsing this website, data relating to identified or identifiable individuals may be processed. The “Data Controller” is ALLMYFY with registered office at Via Mattei 14, 20005 Pogliano Milanese (MI), VAT number 10397480962, REA (Economic Administrative Index) number MI 2528208, share capital €10,000.00 (hereafter, the “Company”).
PLACE OF DATA PROCESSING AND ENTITIES RESPONSIBLE FOR PROCESSING
The processing connected to the web services of this website takes place at the Company’s headquarters. The data are only handled by employees and collaborators authorised to process information in their role as authorised data processors. The data may also be processed by any persons in charge of occasional maintenance or management of the website, as well as by shipping carriers, legal and accounting consultants, and also by credit institutions and the like. These persons will operate as independent controllers or data processing officers. The Data Protection Officer (DPO) is the lawyer Michela Maggi; PEC certified email address email@example.com and regular email address firstname.lastname@example.org.
TYPES OF DATA PROCESSED
During their normal operation, computer systems and software procedures involved in the running of this website acquire certain personal data, the transmission of which is implicit in the use of internet communication protocols.
These data are not collected to be associated with identified data subjects, but by their very nature could allow users to be identified through processing and association with data held by third parties.
This category of data includes IP addresses or domain names of the computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
These data are only used to gather anonymous statistics about the use of the website and to check that it is functioning correctly. They are deleted immediately after processing. The data could be used to ascertain liability in the event of any computer crimes against the website. Currently, save in those circumstances, data concerning web contacts are not stored for more than seven days.
COOKIES AND OTHER TRACKING TOOLS
Data concerning curricula sent spontaneously to the dedicated email address.
The personal data contained in the curricula sent to the email addresses indicated on the website will be used solely for the purpose of evaluating the candidates’ profiles and the selection process. If the candidate is unsuccessful, these data will be cancelled after seven days. We may also use your data to respond to any requests you send to the Company.
If sensitive data is sent (relating, in particular, to racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, trade unions, associations or religious, philosophical, political or trade union organisations, as well as personal data that might reveal the subject’s state of health and sexual orientation), these data will be immediately deleted in the absence of a written declaration from the interested party consenting to their processing by the Company. We kindly ask you not to send us any document containing your personal data if you do not want your data to be processed in the manner and for the purposes described in this document.
Data submitted voluntarily by the user or otherwise collected by the Data Controller.
These are the data of the subjects who access the web page and fill out the related registration or purchase form in order to adhere to the sale and delivery conditions (including given name, surname, VAT number in the case of a sole proprietorship or another type of company, email address, billing and shipping address for the purchased goods, telephone number, tax code, choice of payment method, as well as by logging on to the page). Buyers are required to provide truthful, correct and updated personal data in order to create and manage the contractual relationship with the Data Controller and to proceed with purchases correctly. The user acknowledges that in the event that they do not provide true, correct and up-to-date personal data, the Data Controller will be unable to provide its services correctly.
METHOD AND PURPOSE OF PROCESSING
Your personal data may be processed by the Company, in paper format or using automated tools, for the time strictly necessary to achieve the purposes for which the data was collected.
Apart from what is specified for browsing data and cookies that are regulated in the extended information notice, the personal data provided by users are processed for the following purposes:
1) for browsing the website;
2) to respond to any requests from users, also in relation to CVs sent;
3) to conclude contracts for the purchase of products online via the e-commerce platform and to manage all stages of the sale, shipping, payment, billing, delivery and anything else necessary for this purpose.
4) for Legal defence requirements in and out of court.
5) for contacting those who have already made purchases on this website and are already customers of the Company to offer them products similar to those already purchased, exclusively via email;
6) subject to the user’s consent, the user’s given name, surname, telephone number, email address and postal address will be used for marketing purposes or to send them newsletters and commercial offers and/or products marketed by the Data Controller or third parties, even if not similar to those already purchased by the user, or to send invitations to participate in events or competitions, market analysis, via email, SMS, MMS, telephone and post.
7) subject to the user’s consent, data may be used during registration such as the user’s given name, surname and email for profiling activities or to analyse preferences, habits, behaviours, and interests deduced, for example, from online clicks on articles/sections of the website, and to send targeted offers to the user. The processing of your personal data for profiling purposes will take place, in the event you grant your consent, with data processing tools that, following cross-referencing, will create your commercial and behavioural profile on the web. This data processing tool links the data collected during your browsing on the Websites through the use of first and third-party profiling cookies accepted by you with the data collected via your registration by means of the relevant forms. Furthermore, such data and/or information will be associated with any and/or additional data and/or information already in our possession following your adhesion to our services. This activity may be carried out directly by the Data Controller or by subjects who will operate on behalf of the Data Controller and who will be appointed as data processors (including, by way of example and not limited to Facebook, in accordance with the policies and appointments referred to via the following link: https://www.facebook.com/legal/terms/dataprocessing).
Apart from what is specified for navigation data, cookies are regulated as defined in the extended information notice. The provision of data for the purposes of sending requests for information and CVs is optional. However, failure to provide these data will make it impossible for the Data Controller to process the requests received and to examine the CVs. The provision of data for the purchase of products is necessary. Failure to provide these data will make it impossible for the Data Controller to conclude the contract correctly.
The provision of data for the purposes referred to in No. 5) above is optional. The user can, at any time, object to the processing without compromising the aims of purchasing or browsing. The provision of data for marketing purposes referred to in No. 6) above is optional. Failure to provide these data or consent to this processing will prevent advertising materials from being sent and prevent the Data Controller from contacting the user through the means indicated for the purpose of invitations to events and competitions, sales and market analysis without compromising the aims of purchasing or browsing. The provision of data for the purposes of profiling referred to in No. 7) is optional. Failure to provide these data or consent to this processing will prevent the activity of analysing preferences and sending targeted advertising to the user without compromising the aims of purchasing or browsing.
LEGAL BASIS OF PROCESSING AND DATA RETENTION PERIODS
The legal basis of the processing for browsing on the website referred to in No. 1) is the legitimate interest of the Company’s owner to offer the possibility to access the website and allow access to the navigation services: the data are stored for the time specified above and in the extended cookie information. The legal basis of the data processing relating to requests received via the dedicated email address for the receipt of CVs referred to in No. 2) is the Data Controller’s legitimate interest: the data are kept for the time necessary to process the requests received and are deleted after seven days unless contact is established which will be subject to a subsequent information notice. The legal basis of the processing for the purpose of buying/selling products through the e-commerce platform referred to in No. 3) is the execution of the contract and the fulfilment of legal obligations: the data retention time will be for a maximum of 10 years from the termination of the contract in accordance with the law.The data retention period for the purpose of legal defence in or out of court referred to in No. 4) may be longer than ten years from the termination of the contract and will be based on the time required for legal action or the settlement of any disputes or complaints. The data retention period for the purpose of direct sales and commercial offers to customers referred to in No. 5) corresponds to the time in which the relationship between the Company and the customer exists and cannot last longer than five years from the termination of the contract. The data retention period for the purposes of marketing and commercial offers to customers referred to in No. 6) and profiling referred to in No. 7) will be two years, from the date the interested party grants their consent.
The Data may be processed by external parties operating as independent controllers such as, for example, Authorities and supervisory and control bodies and, in general, public and private entities who have a right to request the data, Public Authorities who expressly request them from the data controller for administrative or institutional purposes, in accordance with the provisions of current national and European legislation, as well as persons, companies, associations or professional firms that provide assistance and advice.
The Data may also be processed, on behalf of the data controller, by external subjects designated as Data Processors (pursuant to Art. 28 of the GDPR), who are given adequate operating instructions. These subjects are essentially included in the following categories:
- companies that offer website and information systems maintenance services;
- companies that offer support in carrying out market research;
- companies that carry out management and maintenance services of the Joint Controllers’ database;
- companies that offer email sending services;
- companies that offer marketing automation platform management services.
If you grant your explicit consent, your personal data may be processed by third parties to whom the data are disclosed.
TRANSFER OF DATA TO COUNTRIES OUTSIDE OF THE EUROPEAN UNION
The data may be transferred abroad to non-European countries, and in particular to the United States, only after verifying the Standard Contractual Clauses adopted/approved by the European Commission pursuant to Art. 46, par. 2, letters c) and d) of the GDPR or the binding corporate rules referred to in Art. 47 of the GDPR or, failing that, by virtue of one of the derogations referred to in Art. 49 of the GDPR.
RIGHTS OF DATA SUBJECTS
With regard to the aforementioned data processing, you can exercise the rights referred to in Article 13 of the GDPR 679/16, as further expressed in Articles 15-16-17-18-20-21 and 22 of GDPR 679/16. Specifically, you will have the right to:
- Obtain confirmation of whether or not any personal data about you exists, even if the data have not yet been recorded, and to receive copies of any such data in an intelligible format;
- Ask the Data Controller for access to personal data, in addition to the right to data portability;
- Have the data updated, corrected or, where applicable, or supplemented;
- Object, in whole or in part: a) for legitimate reasons, to the processing of personal data about you, even if pertinent to the purpose for which they were collected; b) to the processing of personal data about you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication;
- Have data deleted, changed to anonymous form or blocked if they have been processed unlawfully, including data that do not need to be retained for the purposes for which they were collected or subsequently processed;
- Revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation, in the cases provided for by law;
- Lodge a complaint with a supervisory authority;
- Obtain confirmation that the procedures mentioned in points 4 and 6 have been brought to the attention, including their content, of those to whom said data have been communicated or transmitted, except when such communication proves impossible or involves manifestly disproportionate means with respect to the right protected.
In any case, you can exercise your rights by sending a request to the following email address: email@example.com