Privacy Policy
  1. Home
  2. Privacy Policy

Privacy Policy

Pursuant to European Regulation 2016/679, data is collected for specific and legitimate purposes and processed in a manner compatible with these purposes; the data are adequate, relevant and limited to what is necessary and in compliance with the purposes for which they are processed; the data is processed lawfully, correctly and transparently. This Privacy Policy indicates the nature, object and purposes of the processing of personal data (hereinafter "data") within our Online Shop, related sites, functions and contents, as well as our external web presences, e.g. our presence on social media. 

OWNER OF THE TREATMENT 

ITALSCENT S.R.L., with registered office in Campitello di Marcaria (MN) Pz. Garibaldi n. 19/B and operational headquarters in Marcaria (MN), Strada V. Marone n. 8, tax code and VAT number 01171160110 mail: info@italscent.com , PEC: italscent@legalmail.it , Telephone: 0376 924067. 

PLACE OF DATA PROCESSING 

The treatments, connected to the services of this site, take place at the offices of the Data Controller and of the External Managers whose list is available from the Data Controller and are handled by personnel in charge of processing. The site is hosted on machines managed by Serverplan S.r.l. based in Cassino (FR), via G. Leopardi n. 22 (Provider) by virtue of a sub-supply contract existing between Serverplan S.r.l. and the company NUR S.r.l. based in San Giorgio Bigarello (MN). 

PURPOSE AND LEGAL BASIS OF THE TREATMENT 

The purposes for which personal data will be processed are as follows: to. registration and management of the Registered User's account and management of purchase orders (e-commerce) through the company website and therefore consequently:

  • (i) administrative, fiscal and commercial management of orders,
  • (ii) supply of products and services,
  • (iii) payment processing,
  • (iv) fulfillment of requests by Registered Users or Visitor Users also forwarded through the "contact" page of the Site, 
  • (v) request for release of the Card.
  1. b. Registration for the promotional communications service made available through the online site/App. 
  2. Sending advertising/promotional communications regarding products and services similar to those purchased once a first purchase has been made through the Data Controller's e-commerce (so-called "soft spam" regulated by article 130 paragraph 4 of the Privacy Code Legislative Decree Legislative Decree 196/2003). 
  3. Sending advertising/promotional material, via ordinary mail, e-mail, telephone calls, text messages, the Application or the reserved area of the site, to promote products, services and offers. 
  4. Analysis relating to the user's performance and commercial attitudes (based on the purchasing habits and data provided by the user) through automated processes (so-called "profiling") aimed at sending advertising/promotional material profiled on each user. 
  5. Allow the issue, use and management of the Card as well as your participation in collecting points, access to prizes, promotional initiatives and reserved discounts and the management of your reports. The legal basis of the processing referred to in point a) is the execution of a contract of which the interested party is a part. The legal basis of the processing referred to in point b) is the consent of the interested party. The legal basis of the processing referred to in point c) is the legitimate interest of the Data Controller in sending advertising/promotional material concerning products/services previously purchased by you (art. 130 paragraph 4 of the Privacy Code). The legal basis of the processing referred to in points d), e) is the consent of the interested party. The legal basis of the processing referred to in point f) is the execution of a contract of which the interested party is a part. Consent can be validly given and revoked with reference to one or more of the aforementioned processing purposes. The consent you have given may be revoked at any time using methods similar to those envisaged for registering with the Application, without prejudice to the lawfulness of the processing based on your consent prior to the revocation. The processing of personal data for the purposes referred to in points a) is mandatory and necessary for the correct execution of the contract of which the interested party is a part. Any partial or total refusal to provide Data for these purposes will make it impossible for the Data Controller to execute the contract.

The processing of personal data for the purposes referred to in point b) is optional, however any partial or total refusal to provide data for these purposes will make it impossible for the Data Controller to process the registration request to the newsletter. The processing of data for the purposes referred to in point c) is carried out in the legitimate interest of the parties (customer and owner), until the customer expresses the will not to be contacted again (so-called soft spam, pursuant to article 130 c.4 of the Privacy Code). The processing of personal data for the purposes referred to in points d), e), f) is optional. Any partial or total refusal to process the Data for this purpose will make it impossible for the Data Controller to follow up on the related activities.

 

TYPE OF DATA PROCESSED

Personal data 

The Data Controller processes non-particular personal data (by way of a non-exhaustive example: name and surname, address, telephone number, e-mail, bank details, etc ...), which are communicated to us during the registration / interaction / compilation of data on the Owner's website in the "contact" section and/or for online purchases.

Cookies 

Cookies are not used to determine the personal identity of anyone visiting the site. The cookies used are classified as: Necessary Cookies: essential for the site to function; Performance Cookies: they help improve site performance and measure the number of times a page is visited; Functionality Cookies: they help memorize the settings you have selected in order to remember your preferences during a subsequent visit. The complete information on cookies can be viewed in the appropriate Cookie Policy (LINK) 

Particular data (so-called "sensitive")

Particular data includes information, which may reveal racial or ethnic origin, political opinions, religious or other beliefs, membership of trade unions, health status, sexual orientation, judicial data. No particular data is intentionally collected through this website, nor genetic or biometric data. We ask you not to provide such information through our site. 

Minors

This information is not intended for use by minors. Consequently, we do not knowingly process data of minors. 

 

ACCESS - DATA COMMUNICATION

The Data Controller will communicate personal data only to third parties who provide an adequate level of personal data protection and for the following reasons: where communication is necessary to satisfy a user request involving third parties with whom the Data Controller has a relationship; if the communication is reasonably connected to the provision of a requested service; if required by the Authority or, in any case, based on the rules.

Personal data may be made accessible to employees/collaborators of the Data Controller in their capacity as persons in charge of processing, to the system administrator and to external subjects (e.g. IT consultancy companies). The Data Controller does not process personal data and/or information obtained through this site for dissemination or sale to third parties for marketing purposes.

 

FACULTY OF CONFERRING DATA 

Apart from that specified for navigation data, the interested party is free to provide personal data requested in the questionnaire for the forwarding of estimates, personal data by forwarding e-mails to request information, sending informative material or to join to events and initiatives. Failure to provide personal data may make it impossible to follow up on the request of the interested party.

 

PROCESSING METHODS 

Personal data can be processed both on paper and electronically. Specific security measures are observed to prevent data loss, illicit use and unauthorized access.

 

STORAGE TIMES

The data and information collected from site users are kept for the time necessary to achieve the purposes for which they are processed. The fulfillment of legal obligations, the constraints deriving from civil, fiscal, corporate legislation, the need to exercise a right in court, or other specific constraints established by the legislator, may lead to further conservation obligations.

 

PROCESSING OPERATIONS 

Below you will find the various processing operations carried out by us, divided into different areas of activity. The operations of data processing can overlap and, consequently, the data can be processed in different contexts.

 

Web Servers and Security 

Server logs 

With each access to the online offer, the server on which this online offer is located collects so-called log files, in which user data is saved. The data is primarily intended for statistical analysis aimed at maintaining and optimizing server operation and other security objectives, e.g. to recognize potential unauthorized access. 

  • Categories of data processed: usage data and metadata (name of the site opened, data, date and time of access, amount of data transmitted, notification of successful access, browser type and version, user's operating system, referrer URL [previously consulted page], IP address and requesting provider). 
  • Legal basis: Art. 6(1)(f) GDPR, our legitimate interest as described here. 
  • Purpose of processing: optimization of server operation and security monitoring.
  • Need/interest underlying the processing: security, commercial interests. 
  • Categories of recipients: data is transferred to third parties only if the transfer is necessary for the management of our website, for security or legal reasons. 
  • Deletion of data: 30 days after collection.

 

Accessibility 

To enable a barrier-free visit to the online shop, our visitors can use features of our service provider accessible via a so-called widget. The following data is sent to the servers of the service provider: URL of images, URL of links, HTML structure, CSS attributes, clicks, interactions and pages viewed. This information does not include the actual content/text of the website or information from forms or fields. Furthermore, the above information does not contain any personal information of a user and cannot be associated with a user.

 

Areas of data processing

 In this section you will find information about the services and key actions that we carry out within our online offer, such as, for example, the response to requests and the performance of contractual services, as well as related activities. 

Order processing in the online shop

 We process your data as part of the order processes in our online shop in order to enable you to choose and order the selected products, as well as to enable payment and delivery.

  • Categories of data processed: personal data, contact data, contractual data, payment data.
  • Legal basis: Art. 6(1)(b) (execution of order processes) c (legal retention obligation) and f (legitimate interests) GDPR. 
  • Purpose of processing: provision of contractual services in the context of operating an online shop, accounting, delivery, user services. 
  • Necessity/interest at the basis of the treatment: the data constitute the basis of the contract and are necessary for the execution of the same. When we transmit your data (e.g. shipping address, e-mail, telephone contact) to the company responsible for delivering your order, this serves both our service to users and the legitimate interests of the logistics company, as well as our own. legitimate interests. In this way, the logistics company can possibly contact you by email before delivery to give you the possibility to agree on further details (time/place) of the delivery. 
  • Categories of recipients:

♣ for delivery: use of a fulfillment provider and logistics companies; 

♣ for payment: use of payment service providers, as well as banks and financial institutions; 

♣ IT service providers for the operation of the online offer. The processing of your data could also take place outside the European Union if this is necessary; in this case the Data Controller ensures that the transfer will take place in accordance with art. 44 of the European Regulation. 

  • Deletion of data: the data are deleted upon expiry of the legal and equivalent guarantee obligations (e.g. expiry of the obligation to keep data for tax purposes 10 years). The data in the user's account is kept until the cancellation of the same.

 

User accounts 

Prerequisite for the user account (which also contains a list of desired products) is registration. Subsequently, the user can monitor his orders by providing his login data and use further functions of the user account. User account information is neither accessible nor searchable by external parties, such as search engines or other users. You are responsible for keeping your login information secure.

  • Categories of data processed: personal data (name, surname, e-mail address, telephone number, contact details, contract details, payment details).
  • Legal basis: Art. 6(1)(b) GDPR (contractual legal basis). 
  • Purpose of the processing: creation and management of a user account for the management of contractual relationships.
  • Necessity/interest underlying the processing: the user account is optional, the data for account management are mandatory. Required fields are marked. The completion of the remaining fields is at the discretion of the individual user.
  • Categories of recipients: Italscent s.r.l. The processing of your data could also take place outside the European Union if this is necessary; in this case the Data Controller ensures that the transfer will take place in accordance with art. 44 of the European Regulation.
  • Deletion of data: the data in the user's account are kept until it is deleted from the system, with subsequent conservation for the purposes of any legal obligations (e.g. expiry of the obligation to keep data for tax purposes 10 years) .

 

Customer database management, response to inquiries and customer relationship management

 As part of our customer data management and customer relationship management, we store information about your data and your orders in our management software or similar applications. The same applies to the information/enquiries we receive from you via our contact form and in other ways, for example by e-mail.

  • Categories of data processed: personal data, contact data, contractual data, payment data, usage data, metadata.
  • Legal basis: Art. 6(1)(f) GDPR (our legitimate interest as described here); Art. 9(2)(a) GDPR, insofar as customer inquiries contain special types of data within the meaning of Art. 9(1) GDPR. 
  • Purpose of processing: response to requests, management of customer relationships.
  • Necessity/interest underlying the processing: the processing is necessary in order to respond to requests received, to optimize the service, to improve the agility of use by the user and for the purposes of commercial interests. 

♣ Categories of recipients: supplier of the management program (responsible for the treatment). The processing of your data could also take place outside the European Union if this is necessary; in this case the Data Controller ensures that the transfer will take place in accordance with art. 44 of the European Regulation. 

  • Deletion of data: We delete requests as soon as they are no longer needed. Requests from users who have a user account are saved permanently and are deleted when the user account data is deleted. Further data processed in the context of customer relationship management is deleted upon deletion of the user account; in the event of legal retention obligations, the deletion takes place after the expiry of these obligations (e.g. expiry of the obligation to retain data for tax purposes 10 years).

 

Business analysis, marketing and market research

For the management of our business and for the analysis of market trends, as well as user and customer preferences, we analyze the data transmitted to us relating to transactions, contracts, inquiries, etc. For this purpose, the user data relating to registration and orders are combined with data relating to user behaviour. 

  • Categories of data processed: master data, contact data, contract data, payment data, usage data and metadata, eg. data of the activities carried out on our online channels starting from an email, data on the pages visited, page progress, device used, geographical data and data about the pseudonymised identification of the user profile. 
  • Legal basis: Art. 6(1)(f) GDPR (our legitimate interest as described here). 
  • Purpose of the treatment: business analysis, marketing and market research.
  • Need/interest at the basis of the processing: improvement of ease of use for the user, optimization of the offer, company analysis. 

♣ Categories of recipients: supplier of the management program (responsible for the treatment). The processing of your data could also take place outside the European Union if this is necessary; in this case the Data Controller ensures that the transfer will take place in accordance with art. 44 of the European Regulation. 

  • Deletion of data: in the event that a user account was created upon deletion of the account, otherwise after two years after conclusion of the contract. In particular, the company analysis and the definition of general trends are performed anonymously, where possible.

 

External network presence 

Our online presence extends to the following social networks and platforms in order to communicate with the respective active users and to inform them about our company and our products. If you communicate with us within a social network or platform, e.g. by sharing a comment on our online presence or by sending us a message, your data will be used for communication purposes. Furthermore, if you visit and interact with our online presence, the operator of the social network or platform in question will be able to analyze your behavior and share the information thus obtained with us. The use of this information is aimed at commercial optimization and the development of our online presence as needed. As a rule, your data is also processed by the respective operator within social networks and platforms for advertising and market research purposes. Therefore, based on your behavior and related interests they can

 

create user profiles, in order to activate advertisements targeted to interests within and outside social networks and platforms. For further information on the data processing by the operators and on the possibilities of objecting, please refer to the privacy policies of the individual operators. The processing of your data by us is based in each case on our legitimate interest (Art. 6(1)(f) GDPR) to increase the awareness of our company, to communicate with persons interested in our company and to our products, as well as to better understand your wishes and interests. In this sense, the categories of data processed are possibly personal data (e.g. name, address), possibly contact data (e.g. e-mail, telephone number), content data (e.g. texts), data usage data (e.g. web pages visited, content interests, access times), metadata and connection data (e.g. device information, IP address). Your data is deleted based on the privacy policies of the individual manager.

 

Facebook

Manager: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublino 2, Irlanda(As co-owner, the principles of the agreement are available at https://www.facebook.com/legal/terms/page_controller_addendum ), parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; manager's privacy policy: https://www.facebook.com/policy.php.

Instagram

Manager: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublino 2, Irlanda(As co-owner, the principles of the agreement are available at https://www.facebook.com/legal/terms/page_controller_addendum ), parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; manager's privacy policy : https://help.instagram.com/519522125107875.

Youtube

Manager: Google Ireland Limited, Gordon House, Barrow Street, Dublino 4, Irlanda, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; manager's privacy policy : https://policies.google.com/privacy.

Pinterest

Manager: Pinterest Europe Ltd.; Palmerston House, 2nd Floor; Fenian Street; Dublino 2, Irlanda; parent company: Pinterest, Inc. 505 Brannan Street; San Francisco, CA 94107; manager's privacy policy : https://policy.pinterest.com/it/privacy-policy.

Twitter

Manager: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; manager's privacy policy : https://twitter.com/it/privacy, (impostazioni) https://twitter.com/personalization.

TikTok

Manager: TikTok Technology Limited, 10 Earlsfort Terrace, Dublino, D02 T380, Irlanda;  privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/it-IT

 

Links/buttons to social networks and platforms 

The links/buttons to social networks and platforms in our online offer basically constitute a contact between the social networks or platforms and the user when he clicks on them. This function corresponds to the functioning of a regular online link. As soon as you click on a link/button, a new page opens which is accessed from the servers of the respective social network or platform. The operator of the social network thus learns that our website was accessed via your IP address. The provider can simultaneously use or read cookies on your end device, if you have not rejected the use of cookies in your browser. For further information on the possible processing of your personal data by the manager of social networks or platforms, please refer to the privacy policies of the individual managers.

 

Built-in content and features 

In this section we describe which content, software or functions (in short "content") from other providers we embed into our online offer (so-called "embedding"). In this case, a copy of the content is not produced, as this is retrieved from the original server. We use embedding for legal reasons, e.g. for the management of cookies, in order to make our online offer more interesting for users, to show access routes to our shop or to improve the security of the online offer, e.g. to block bot attacks. The presentation of the contents requires that the third-party provider of such contents processes the user's IP address (without an IP address it is not possible to send the contents to the browser). The IP address is therefore required for the presentation of

such content or features. In the event that the collection of further categories of data is necessary for the presentation of the contents, these are subsequently specified by the corresponding service. The responsibility for data protection of ITALSCENT S.R.L. is limited to the collection and transmission to the third party provider of the IP address and any other data necessary for the presentation of the data. Responsibility after data transmission rests exclusively with the third-party provider. For further information on whether the third-party provider processes your data, please refer to the privacy policies of the individual third-party providers. 

Cookie management 

When you visit our website, certain specific information is stored or read out on your end device if it is absolutely necessary for the operation of our website. 

  • Categories of data processed: usage data, connection data. 
  • Legal basis: Art. 6(1)(c), (f) GDPR (fulfilment of a legal obligation and our legitimate interest).
  • Purpose of the treatment: management of cookies.
  • Necessity/interest underlying the processing: the use of cookiebot allows you to avoid the use of optional cookies, without the user's prior authorization. 
  • Categories of recipients: cookie management service provider (responsible for the treatment). 
  • Deletion of data: based on the cookies set. For further information on individual cookies, the related purposes and cancellation times, as well as on the possible cookie settings (consent and withdrawal of consent) please refer to the appropriate Cookie Policy (LINK)

 

Google Maps

  • Categories of data processed: usage data, connection data, any geographical data (based on the use of GPS).
  • Legal basis: Art. 6(1)(c), (f) GDPR (fulfilment of a legal obligation and our legitimate interest).
  • Purpose of processing: connection to interactive maps and the map function of Google Maps.
  • Need/interest at the basis of the processing: the use of Google Maps allows you to simplify the search operation for the ITALSCENT S.R.L.
  • Data recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Within the scope of this service, it cannot be excluded that data is transferred outside the European Union.

 

Google reCAPTCHA

  • Categories of data processed: usage data, connection data. 
  • Legal basis: Art. 6(1)(f) GDPR (our legitimate interest as described here).
  • Purpose of the treatment: to prevent the illegitimate use of our website by verifying the accesses to the same, in particular if these accesses are performed by people or by bots and similar programs.
  • Necessity/interest behind the processing: it is our legitimate interest to ensure the security of our website and our IT systems.
  • Data recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As part of this service, it cannot be excluded that data is transferred outside the European Union.

 

YouTube 

  • Category of data processed: usage data, connection data.
  • Legal basis: Art. 6(1)(f) GDPR (our legitimate interest as described here).
  • Purpose of processing: linking to videos via YouTube video plug-ins. 
  • Need/interest behind the processing: It is our legitimate interest to be able to present you with further information about our products via the video link. In this sense, we use the extended data protection mode of the service provider for data minimization purposes. 
  • Data recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Within the scope of this service, it cannot be excluded that data is transferred outside the European Union.

 

Marketing 

In this section you will find information about the data processing we perform for the purpose of optimizing our services, marketing and market research.

Sending newsletters and performance measurement 

We send newsletters, e-mails and other electronic notifications with information about our services and our company (hereinafter "newsletter") with the consent of the recipient. Within the scope of this authorization, we use your e-mail address, which we have received from you in connection with the sale of a good or service, for direct advertising for our similar goods or services (hereinafter "direct advertising"). You can revoke your consent at any time or object to the use of your e-mail address for direct advertising at any time, for example by unsubscribing via a link contained in each newsletter. The data of the newsletter subscribers is recorded, as we are obliged to prove the recordings. Furthermore, we keep track of whether the newsletters have been opened and whether the links have been clicked. For technical reasons, this information is stored per user, but is not used to track individual users, but rather to tailor content and offers to the users, for example. The information we should collect in addition to the e-mail address (e.g. name) is used to address you personally or to tailor the newsletter content to you.

 

  • Categories of data processed: personal data (email address), usage data (e.g. access time), IP address, opening of the e-mail, time and place, time and click on the newsletter link, data of the referrer, use of the online shop, topic preferences, if applicable: information on unsubscribing from the newsletter. 
  • Legal basis: Art. 6(1)(a), Art. 7 GDPR (consent of the data subject).
  • Purpose of processing: sending of newsletters, optimisation, proof of consent.
  • Necessity/interest underlying the processing: only the e-mail address is required for sending; the additional data is optional and is used to personalize and optimize the contents based on the user's interests; registration is based on proof of consent. 

♣ Recipient categories: CRM system provider (processor). The processing of your data could also take place outside the European Union if this is necessary; in this case the Data Controller ensures that the transfer will take place in accordance with art. 44 of the European Regulation.

  • Deletion of data: following unsubscribing from the newsletter, the e-mail addresses used to prove the previous subscription, together with the recorded subscription data (timetable, IP address), are kept for two years and subsequently deleted.

 

Advertising communications by mail 

Information about our products and promotional notices may also be sent by post. Of course, you can unsubscribe from postal mail at any time, by email or post.

  • Categories of data processed: usage data, personal data, address and contact data, contractual data.
  • Legal basis: Art. 6(1)(f) GDPR (our legitimate interest as described here).
  • Purpose of the treatment: advertising communication. 
  • Need/interest underlying the processing: information and commercial interests.
  • Categories of recipients: postal operator for the shipment of material.
  • Deletion of data: upon objection/revocation or cessation of the basis of legitimacy (except for registration on a blacklist, whereby the sending of advertising communications by post is prohibited in the future).

 

Customer surveys 

In connection with visiting our online offer, you may be invited by us to participate in customer surveys. Depending on the survey, you may be invited to participate directly on our website or we may invite you to participate by email. Of course, we will only contact you by e-mail if the legal requirements are met or if you have previously agreed to hear from us.

  • Categories of data processed, depending on the survey: metadata (e.g. referrer URL [previously visited page], click behavior, browser type and version, user's operating system, IP address and requesting provider), address and -mail (for communication purposes), survey responses. If it is necessary to prevent multiple participations, we use a cookie blocker by storing a cookie in the participant's browser. This allows the user to be recognized on subsequent visits and can be excluded. 
  • Legal basis: Art. 6(1)(f) GDPR. 
  • Purpose of processing: Internal analysis of customer preferences, further development and optimization of our product portfolio as well as sales and marketing purposes. 
  • Need/interest underlying the processing: Participation in a survey is voluntary. However, if you decide to participate, it is in our legitimate interests to use your data for the above purposes. 
  • Categories of recipients: within ITALSCENT S.R.L., access to your data is granted to the offices that need it for the purposes mentioned above. Access to your data is also possible for the service providers used by us (for example service providers who provide the IT infrastructure for survey processing or for customer data management). The processing of your data could also take place outside the European Union if this is necessary; in this case the Data Controller ensures that the transfer will take place in accordance with art. 44 of the European Regulation. 
  • Deletion of data: As soon as we no longer have a legitimate interest in further processing and the deletion does not conflict with any statutory data retention obligations.

 

Coupons

 In certain situations it is possible that we or third parties provide you with vouchers for purchases in our online shop, for example as a thank you for your participation in a survey or other promotions or in the form of discount vouchers. For more information on the respective vouchers, please refer to the respective terms and conditions of the vouchers.

  • Categories of data processed: Voucher number, issue date, validity date, redemption date, voucher amount and, depending on the voucher form, authorization status, name and e-mail address, if applicable. 
  • Legal basis: Art. 6(1)(b) GDPR (eg if you participate in a promotion linked to a voucher), Art. 6(1)(f) GDPR (eg if we proactively provide you with vouchers) .
  • Purpose of the treatment: management of vouchers. 
  • Need/interest underlying the processing: The data is required for the management of the vouchers. It is in our legitimate interest to provide you with vouchers for customer retention or customer acquisition if necessary. The redemption of a voucher is voluntary. 

♣ Recipient categories: Service providers who provide the IT infrastructure for voucher management (order processors). The processing of your data could also take place outside the European Union if this is necessary; in this case the Data Controller ensures that the transfer will take place in accordance with art. 44 of the European Regulation.

  • Deletion of data: As soon as we no longer have a legitimate interest in further processing and the deletion does not conflict with any statutory data retention obligations.

 

User measurement (statistical analysis), online marketing and technology partners 

In the context of this processing, the legal basis for the use of the data is our legitimate interest (Art. 6(1)(f) GDPR) to increase user friendliness and to optimize and broaden the our offer in a targeted way. You can revoke the authorization to the treatment using the cookie settings. The categories of data processed concern usage data and metadata. The measurement of the users reached and the online marketing are based in particular on cookie technology. The deletion of data is established, unless otherwise indicated, in accordance with the privacy policies of the technology partner. For further information on the individual cookies, their purposes and deletion times, as well as on the possible cookie settings (consent and withdrawal of consent), please refer to the information on cookies.

 

RIGHTS OF THE INTERESTED PARTY AND GENERAL INFORMATION 

Rights of the person concerned 

Pursuant to Art. 7 (3) GDPR, the data subject has the right to revoke his consent for the future at any time. Pursuant to Art. 15 GDPR, the interested party has the right to obtain confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data, further information and a copy of the data. 

Pursuant to Art. 16 GDPR, the interested party has the right to obtain the integration or rectification of inaccurate personal data concerning him.

Pursuant to Art. 17 GDPR, the interested party has the right to obtain the cancellation of personal data concerning him, without unjustified delay, or alternatively pursuant to Art. 18 GDPR you have the right to obtain the restriction of the processing of your personal data. 

Pursuant to Art. 20 GDPR the data subject has the right to receive personal data concerning him and has the right to transmit this data to another controller

Pursuant to Art. 21 GDPR, the data subject has the right to object at any time to the processing of personal data concerning him for the future. The right to object can in particular be exercised in relation to direct marketing purposes. 

Pursuant to Art. 77 GDPR, the interested party has the right to lodge a complaint with the competent Supervisory Authority. The above rights may be exercised at any time by requesting the Data Controller to be sent via e-mail to the address: : info@italscent.com o via PEC to the address: italscent@legalmail.it

 

Obligation to provide data 

Unless otherwise provided by the aforementioned legal basis of the processing, the interested party is not obliged to provide personal data. In the cases referred to in Art. 6(1)(b) GDPR, however, personal data is necessary for the conclusion and execution of the contract. If the data in question are not available, the conclusion and/or execution of the contract is impossible. In the cases referred to in Art. 6(1)(c) GDPR data processing is based on legal obligations. If the interested party does not provide us with the data pursuant to Art. 6(1)(a), (f) GDPR, the use of the part of our website or the services in question will be impossible or possible to a limited extent.

 

Data transmission 

If we disclose this data in the context of data processing, grant access to it or otherwise pass it on to third-party persons or companies (controller or third party), this will only be done on the basis of the consent of the data subject ( for example, if the transmission of data to third parties, such as shipping or payment service providers, is required in accordance with Article 6(1)(b) GDPR for the purpose of contract execution), a legal obligation pursuant to Art. 6(1)(c) GDPR so required or our legitimate interest pursuant to Art. 6(1)(f) GDPR (e.g. in case of credit management). If we delegate the data processing to a third party, this will be done on the basis of Art. 28 GDPR (e.g. for handling complaints or general inquiries about products through a service provider designated by us).

 

Changes and updates to the Privacy Policy 

We reserve the right to update this Privacy Policy from time to time. Updates are posted on our web page. The changes are valid from the moment of their publication on our website.

 

Last updated: November 2022

Enter our
perfumed world

Get to know EVOCA