INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users who browse the website www.alpen.shop
pursuant to Article 13 of Regulation (EU) 2016/679
INTRODUCTION
Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods of processing personal data of users who consult the website of Alpen S.a.s. di Atena S.r.l., accessible electronically at the following address: www.alpen.shop.
This information does not concern other sites, pages, or online services that can be reached via hypertext links that may be published on the site but refer to external resources outside the domain of Alpen S.a.s. di Atena S.r.l.
LEGAL BASIS AND PURPOSE OF THE PROCESSING
The processing of data collected by the site is aimed at the following purposes:
Statistics: Collection of data and information in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site. None of this information is related to the physical person-User of the site, and it does not allow their identification in any way. No consent is required.
Security: Collection of data and information in order to protect the security of the site (spam filters, firewalls, virus detection) and Users and to prevent or unmask fraud or abuse against the website. The data is recorded automatically and may also include personal data (IP address) that could be used, in accordance with applicable laws, to block attempts to damage the site itself or to harm other users, or in any case harmful activities or constituting a crime. These data are never used for User identification or profiling and are periodically deleted. No consent is required.
Accessory activities: Communicating data to third parties who perform functions necessary or instrumental to the operation of the service, and to allow third parties to perform technical, logistical, and other activities on our behalf. Suppliers have access only to personal data that are necessary to perform their tasks, undertake not to use the data for other purposes, and are required to process personal data in accordance with current regulations.
Customer assistance/customer care: Collection of data and information necessary to provide customer support services. The legal basis for this processing is the execution of pre-contractual measures.
For these purposes, the site primarily processes data based on the consent of the users. Consent is given via the banner placed at the bottom of the page or by using or consulting the site, which is considered conclusive behavior. By using or consulting the site, visitors and users approve this privacy policy and consent to the processing of their personal data in relation to the methods and purposes described below, including any dissemination to third parties if necessary for the provision of a service.
Customer Reserved Area
The processing of data collected by this site in the customer reserved area is aimed at the following purposes:
Site access and purchase contract conclusion: Collection of data and information instrumental and necessary for the use of services, including the possibility of adding products to the cart, purchasing online through the e-shop, and enabling the conclusion of the purchase contract through the site.
Execution of the purchase contract: Collection of data and information instrumental and necessary to fulfill the obligations arising for RTS Italia from the concluded purchase contract (e.g., delivery of products) and to allow the fulfillment of obligations arising for the user from the concluded purchase contract through the site, such as payment for purchased products.
Account management: Collection of data and information instrumental and necessary for account management, which includes storing data and information such as, for example, personal data, order history, delivery and/or billing addresses.
Administrative, accounting, and tax purposes related to service provision and the purchase contract: The provision of data is mandatory in order to comply with legal obligations.
Customer assistance/customer care: Collection of data and information necessary to provide customer support services.
The provision of data for the above purposes is optional; however, failure to provide such data will make it impossible for the user to access and/or browse the site and/or register and/or use the services reserved for registered users and/or conclude a purchase contract through the site. For these purposes, the site processes data on the legal basis of contract fulfillment or, depending on the case, the execution of pre-contractual measures adopted at the request of the interested party.
DATA COLLECTED
This site collects user data in two ways:
Data collected automatically: During user navigation, information may be collected that is stored in the server log files (hosting) of the site, such as IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.
The data thus collected could be used to ascertain liability in the event of potential cyber crimes to the detriment of the site.
These data are used for statistical and analysis purposes, in an exclusively aggregated form. The IP address is used exclusively for security purposes and is not cross-referenced with any other data.
Voluntarily provided data: The site may collect other data when users voluntarily use services such as access to the reserved area, comment services, communication services (contact forms, comment boxes), and will be used exclusively for the provision of the requested service. These data may include name, surname, email address, contact information, and any other personal data (e.g., additional information provided in forms).
DATA COLLECTED THROUGH THE CONTACT FORM
By filling out the contact form, the user provides the following data:
First and last name
Contact email address
Additional notes in the “Messages” field
The contacts indicated by the user and the information entered by the user in the message body are used exclusively to respond to the user’s request.
Providing data and thus consenting to data collection and processing is optional. The user can refuse consent and can revoke any previously given consent at any time (via browser settings for cookies or the Contact link). However, refusal of consent may make it impossible to provide certain services and may compromise the browsing experience on the site.
COOKIES
For information related to the use of cookies and their deactivation, please refer to the Cookie Policy.
LOCATION OF DATA PROCESSING
The data collected by the site is processed at the headquarters of the Data Controller and at the data centers of the web hosting provider Aruba S.p.A. Via San Clemente, 53 – 24036 Ponte San Pietro (BG), which is responsible for data processing, processing data on behalf of the owner, located in the European Economic Area and acting in accordance with European regulations.
DATA RETENTION PERIOD
The data collected by the site during its operation is retained for the time strictly necessary to carry out the specified activities. At the expiration of this period, the data will be deleted or anonymized, unless there are additional purposes for retaining them.
TRANSFER OF COLLECTED DATA TO THIRD PARTIES
The data collected by the site is generally not provided to third parties, except in specific cases: legitimate request by judicial authorities and only in cases provided by law; when necessary for the provision of a specific service requested by the User; for the execution of security checks or site optimization.
TRANSFER OF DATA TO NON-EU COUNTRIES
This site may share some of the data collected with services located outside the European Union area. In particular, with Google, through the Google Maps widget and the Google Analytics service.
For information on the use of data and their processing by Google, it is recommended to review Google’s privacy policy and Google’s methods of using data when using partner sites or apps.
The transfer is authorized based on specific decisions of the European Union and the Data Protection Authority, particularly Decision 1250/2016 (Privacy Shield – here is the information page of the Italian Data Protection Authority), for which no further consent is required. The aforementioned companies guarantee their adherence to the Privacy Shield.
SECURITY MEASURES
We process visitor/user data lawfully and fairly, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the indicated purposes. In addition to the Data Controller, in some cases, categories of persons involved in the organization of the site may have access to the data, such as external subjects (such as third-party technical service providers, hosting providers).
USER RIGHTS
Pursuant to European Regulation 679/2016 (GDPR) and Article 7 of Legislative Decree 30 June 2003, n. 196, the User can, according to the methods and within the limits provided by the current legislation, exercise the following rights:
To oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication;
To request confirmation of the existence of personal data concerning them (right of access), to know their origin, and to receive intelligible communication of the same;
To have information about the logic, methods, and purposes of the processing;
To request updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the purposes for which they were collected;
In cases of processing based on consent, to receive their data provided to the controller, in a structured and readable form by a data processor and in a commonly used format by an electronic device, at the sole cost of any support;
The right to lodge a complaint with the supervisory authority (Data Protection Authority – link to the Authority’s page);
As well as, more generally, exercise all the rights recognized by the current legal provisions.
Requests should be addressed to the Data Controller.
DATA CONTROLLER
The Data Controller, pursuant to current laws, is Alpen sas di Atena srl & Co, represented by Daniel Pasini, contactable at the following email address: hello@alpen.shop.