This page describes how the information contained on the website www.everydayforfuture.it is managed, with reference to processing the personal data of users who access and/or register for consultation or to use the e-commerce service.
The information is provided pursuant to Article 13 of European Regulation 2016/679 (hereinafter "GDPR") to all those who access the site, and only for the site in question.
Following consultation and/or registration on this site, data relating to identified or identifiable persons may be processed. The Data Controller is ALLMYFY with registered office at Via Mattei 14, 20005-Pogliano Milanese (MI), VAT No. 10397480962, REA (Economic Administrative Index) number MI 2528208, share capital €10,000.00 (hereinafter, the "Company").
The Data Controller has appointed a Data Protection Officer (DPO), the lawyer Michela Maggi, who can be contacted at the following addresses: firstname.lastname@example.org and email@example.com.
TYPES OF DATA PROCESSED
During their normal operation, computer systems and software procedures used to operate this website acquire certain personal data, whose transmission is implicit in the use of internet communication protocols.
This information is not collected to be associated with identified data subjects but by its very nature could, through processing and association with data held by third parties, enable users to be identified.
This category includes IP addresses or domain names of computers used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, digital code indicating the server response status (successful, error etc.), and other parameters pertaining to the user's operating system and IT environment.
This data is only used to obtain anonymous statistics about the usage of the website and to check that it is functioning correctly; it is deleted immediately after processing. The data could be used to ascertain liability in the event of any computer crimes against the website: currently, except for this possibility, data concerning web contacts is not stored for more than seven days.
Cookies are small text files that are stored on your computer and can be read remotely by the Data Controller's servers and/or by third parties. This site uses different types of cookies:
- technical cookies, necessary for the technical supply of the service and to allow the user to browse the website safely and efficiently
- statistical cookies, used with the data subject's consent, which collect and transmit information anonymously and thereby allow the website's owner to analyse and monitor traffic data
- profiling cookies, used with the data subject's prior consent, which analyse user browsing to create statistics on visits or improve the content offered by positioning any targeted advertising based on the preferences the user shows while browsing web pages online.
All cookies other than technical cookies are installed or activated only after users have given their consent the first time they visit the site. Consent can be expressed by interacting with the brief information banner on the site's landing page, in the manner indicated therein. Consent will be tracked during subsequent visits. However, the user always has the right to revoke, entirely or partially, the consent already given.
PERSONAL DATA PROVIDED BY THE USER
For example: first name, surname, date of birth, address, city, province, country, phone number, email address, credit/debit card number, expiry date and billing information.
METHOD AND PURPOSE OF PROCESSING
Your personal data will be processed by the Company using automated and electronic tools for the time strictly necessary to achieve the purposes for which it was collected.
Apart from what is specified for browsing data, the personal data provided by users is processed for the following purposes:
- browsing the website;
- meeting any user requests, including in relation to CVs sent;
- carrying out the registration process, as well as issuing and managing the credentials needed to consult/create a wishlist, purchase any products on the website and consult the purchase history;
- concluding contracts for purchasing products online via the e-commerce platform and managing all stages of sale, shipping, payment, billing and delivery;
- anonymous statistical processing of the use, access and consultation of the websites
- contacting those who have already made purchases on this site and are already customers of the Company to offer them products similar to those already purchased, exclusively via email;
- marketing or to send them newsletters and commercial offers and/or products marketed by the Data Controller or third parties, even if not similar to those already purchased by the user, or invitations to participate in events, competitions or market analysis, by email, SMS, MMS, phone or traditional post;
- profiling or to analyse preferences and send targeted offers to the user;
- legal defence requirements in and out of court.
LEGAL BASIS OF PROCESSING AND DATA RETENTION PERIODS
The legal basis of the processing referred to in no. 6) above is the data subject's consent. The data will be kept for the time necessary to carry out the purpose and in any case no longer than 5 years from the termination of the contract between the user and the Data Controller.
The legal basis of the processing referred to in nos. 7) and 8) above is the data subject's consent. The data will be kept for 2 years from the date when the data subject grants consent.
The legal basis of the processing referred to in no. 9) above is the Data Controller's legitimate interest in defending its right or interest before any competent authority or body. The data retention time may be longer than 10 years from the termination of the contract between the user and the Data Controller and will follow the timings of justice or the definition of any disputes or complaints.
NATURE OF DATA PROVISION
Except as specified for browsing data and the contents of the extended information on cookies, providing data is optional and the user can oppose the processing at any time without affecting the browsing purposes. It remains understood that refusal to provide personal data will make it impossible to respond to users' requests and/or allow them to purchase the products on the website. Failure to give consent for the purposes referred to in nos. 5), 6), 7) and 8) will not allow the Data Controller to pursue the indicated purposes only.
PLACE OF DATA PROCESSING AND ENTITIES RESPONSIBLE FOR PROCESSING
Processing connected to the aforementioned website takes place at the Company's headquarters, on the Data Controller's servers located within the European Union, and is handled by employees and collaborators authorised for this purpose. Data may also be processed and stored by any authorised third parties, on servers located both inside and outside the European Union, such as, by way of example and not limited to, suppliers of technical services for occasional maintenance or management of the website, social media and advertising companies: these entities will operate as external data processors.
TRANSFER OF PERSONAL DATA
With regard to any transfer of data to third countries, the Data Controller ensures henceforth that data processing outside the European Union will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adoption of the standard contractual clauses envisaged by the European Commission.
In the absence of an adequacy decision by the European Commission, any personal data processing in non-EU countries will only be possible if suitable contractual or treaty guarantees exist, including binding corporate rules and standard contractual data protection clauses, on the part of the Data Controllers and Processors involved.
In the absence of an adequacy decision or other appropriate measures as described above, personal data will only be transferred and processed by third parties outside the European Union with the data subject's consent.
RIGHTS OF DATA SUBJECTS
With regard to the aforementioned data processing, you can exercise the rights referred to in Article 13 of the GDPR, as described in more detail in Articles 15 et seq., and specifically you will have the right to:
- Obtain confirmation of whether or not any personal data about you exists, even if the data has not yet been stored, and receive notification in an intelligible format;
- Ask the Data Controller for access to personal data, in addition to the right to data portability;
- Have the data updated, corrected, where applicable, or supplemented;
- Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning yourself, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning yourself for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communications
- Have data deleted, changed to anonymous form or blocked if it has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed;
- Revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation, in the cases provided for by law;
- Lodge a complaint with a supervisory authority;
- Obtain confirmation that the above procedures in points 4 and 6 have been brought to the attention, including their content, of those to whom said data has been communicated or transmitted, except when such communication proves impossible or involves manifestly disproportionate means with respect to the right protected.
In any case, you can exercise your rights by sending a request to the following email address: firstname.lastname@example.org