PRIVACY DISCLOSURE PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679
“Personal data” (under Art. 4, para. 1 of the EU Regulation) means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity. Natural persons can be associated with online identifiers produced by devices, applications, instruments and protocols used, such as IP addresses, temporary markers (cookies) or other types of identifiers, such as radio frequency identification tags. Such identifiers can leave traces that, particularly if combined with unique identifiers and other information received from the servers, can be used to create profiles of natural persons and identify them.
“Controller” (under Art. 4, para. 7 of the EU Regulation) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processing” (under Art. 4, para. 2 of the EU Regulation 2016/679) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Who is the controller and where can I contact the controller?
This website is managed by Au Depart Italia S.r.l., which is the controller.
Company name: Au Depart Italia S.r.l.
Registered office address: Via del Duca Cino n. 5, Milan - Italy
E-mail address: firstname.lastname@example.org
Contact information for the data protection officer (DPO)
Company name: Au Depart Italia S.r.l.
Address: Via del Duca Cino n. 5, Milan - Italy
E-mail address: email@example.com
During navigation and for the purchase of products on the site “audepart.com” (hereinafter, the “Site”), Au Depart collects and processes the following personal data:
- personal data necessary to conclude and carry out the purchase on the site, such as first and last name, e-mail address, shipping address, invoicing address, telephone and payment information;
- e-mail address to subscribe to the newsletter service;
- personal data provided for contact with Customer Service to provide the requested assistance;
- personal data for commercial communications;
- to register the [Account], first and last name, e-mail address, password, gender and date of birth are collected. In addition, for registered users, information about access to the reserved area of the Site is collected. With express consent, by analysing personal data we can prepare information about a specific user’s interests and preferences regarding our products and services, in order to present proposals and offers that reflect the user’s tastes; and
- information about navigation on the site, such as the pages visited and how a user interacted with individual pages, saving this information on Au Depart’s servers.
Au Depart does not process personal data relating to minors. By accessing the Site and using the services offered by Au Depart, the user states that she/he is of legal age.
Purposes of the processing
Au Depart processes the data subject’s personal data using electronic and potentially hard-copy tools for the purposes described in the following table, which, for each of the purposes listed, specifies the legal basis, the categories of personal data, and the relevant retention period:
| Purposes of the processing the personal data will undergo | Legal basis for the processing | Categories of personal data subject to processing | Retention period of the personal data |
| --- | --- | --- | --- |
| Concluding and carrying out the contract to purchase the products | Contract | Identifying personal data | Until administrative and accounting processes are completed and for an additional 10-year period |
| Registration on the website and using the services offered to registered users | Contract | Identifying personal data | Until a request is received to cancel the account |
| Providing the services offered on the website | Contract | Identifying personal data | Until the service is terminated or a request is received to cancel registration to the service |
| Managing requests to Customer Service | Contract/Consent | Identifying personal data | Until the request has been satisfied |
| Sending a CV and evaluating an applicant for an open position | Consent | Identifying personal data and particular data about health status | Until 12 months have elapsed |
| Statistical analyses and surveys to improve the products and services offered | Consent | Identifying personal data | Until the user unsubscribes from the service or asks that that activity be suspended |
| Sending commercial communications after a product is purchased | Consent | Identifying personal data | Until the service is terminated or the user objects by unsubscribing |
| Communications of a commercial nature about products and services (innovations, new arrivals, exclusives, offers and promotions) and to perform market research and customer satisfaction surveys to improve services and relations with users | Consent | Identifying personal data | Until the user unsubscribes from the service or asks that that activity be suspended and, in any event, within two years |
| Personalising registered users’ experience on the website, sending previews and offers reflecting users’ tastes and sending commercial communications that are personalised to users’ interests | Consent | Identifying personal data | Until the consent given for that activity is revoked or that activity is terminated, and, in any event, within 12 months |
| Improving the purchase experience (locating the closest store, using a camera to enter credit card data) | Consent | Identifying personal data and data about geographic location | Until the service is terminated or consent given is revoked |
Disclosure and dissemination of data
In relation to the purposes indicated, personal data may be communicated to shipping companies (“shippers”) in order to carry out the contract to purchase products.
Transfer of data to non-EU countries
Au Depart will not transfer data to non-EU countries.
Rights of the data subject
In relation to the personal data covered by this disclosure, the data subject is entitled to exercise the rights provided by the EU Regulation and listed below:
- right to revoke the consent at any time [Art. 6(1) subpara. a) and Art. 9(2) subpara. a) of the EU Regulation] without affecting the lawfulness of processing based on consent before its withdrawal;
- the data subject’s right of access [Art. 15 of the EU Regulation] (consisting of the right to be informed of processing performed on his/her personal data and to obtain a copy thereof);
- right to rectify his/her personal data [Art. 16 of the EU Regulation] (the data subject has the right to obtain rectification of inaccurate personal data concerning him/her);
- right to obtain erasure of his/her personal data without undue delay (“right to be forgotten”) [Art. 17 of the EU Regulation] (the data subject has the right to the erasure of his/her data);
- right to restrict processing of his/her personal data [Art. 18 of the EU Regulation], in cases permitted by current law, including where the processing is unlawful or the data subject contests the accuracy of the personal data;
- right to data portability [Art. 20 of the EU Regulation] (the data subject may request to receive his/her personal data in a structured format in order to transmit them to another controller, in the situations set forth in that Article);
- right to object to the processing of his/her personal data [Art. 21 of the EU Regulation] (the data subject has and will continue to have the right to object to the processing of his/her personal data in the situations set forth in and governed by Art. 21 of the EU Regulation); and
- right to not be subjected to automated decision-making processes [Art. 22 of the EU Regulation] (the data subject has and will continue to have the right to not be subject to a decision based solely on automated processing).
The above rights can be exercised as set forth in the EU Regulation by sending an e-mail to: firstname.lastname@example.org
In accordance with Art. 19 of the EU Regulation, Au Depart will inform each recipient to whom the personal data were disclosed of any rectification or erasure or restriction of processing requested, where possible.
Where the purpose for the processing pursued by Au Depart has the user’s consent as its legal basis, the user may revoke that consent at any time by sending an e-mail to email@example.com. Pursuant to Art. 7 of the EU Regulation, revocation of the consent will not affect the lawfulness of processing based on consent before its withdrawal. If the data subject believes his/her rights have been compromised, he/she may lodge a claim with the Italian Data Protection Authority (www.garanteprivacy.it).
Automated decision-making process
The use of automated decision-making processes, including profiling, which produces legal effects concerning the user or similarly significantly affects him/her, is lawful solely in the situations set forth in and governed by Art. 22 of the EU Regulation, namely, where it:
- is necessary for entering into, or performing, a contract between the data subject and a data controller;
- is authorised by Union or Member State law to which the controller is subject; or
- is based on the data subject's explicit consent.
The personal data will be processed in hard-copy, computerised and electronic form and entered in the relevant databases (potential customers, customers, users, etc.) which can be accessed, and thus learned of, by employees expressly designated by the controller as data processors or persons authorised to process personal data, who may consult, use, process, align and perform other appropriate operations, which may be automated, in accordance with laws necessary to safeguard, among other things, the confidentiality and security of the data, as well as their accuracy, updating and relevance to the stated purposes.
Changes and updates