Shipments suspended from 3 to 25 August

Privacy Policy

This statement complies with article 13 of EU Regulation 2016/679 (GDPR) in accordance with article 13 of law no. 196/2003 (personal data protection code) and applies to all personal data processed using the methods indicated below.

DATA CONTROLLER AND DATA PROTECTION

The controller of data relating to the user is ATUM s.r.l., legally represented pro tem by Mr Ferruccio Vecchi, with registered offices at Via Carlo Crivelli 7, Massa Fermana (FM), 63834 Italy, Tax ID 01827310440 and VAT number 01827310440; Chamber of Commerce registration number FM176692.

FERRUCCIO VECCHI is responsible for data protection and has a Privacy division which can be contacted by email at the dedicated address ecommerce@ferrucciovecchi.com.

Personal data provided may be shared with duly appointed recipients who will process data as data processors and/or as responsible employees, in order to fulfil contracts or associated purposes.

The full list of data processors and appointed individuals can be requested by emailing ecommerce@ferrucciovecchi.com.

TRANSFER OF DATA

In the event that personal data is transferred outside the European Union for technical and operational purposes or to ensure continuity in service, the Controller undertakes to ensure than the transfer is based on a decision regarding the appropriateness of the commission, in order to guarantee that the level of protection for natural persons stipulated by the relevant law – and by the GDPR in particular – is not compromised.

TYPES OF DATA COLLECTED

Full details of each type of data collected are given in the relevant sections of this privacy policy or in special informative statements viewed prior to the collection of data.

Personal data processed is collected as provided directly by the data subject or automatically.

Data provided by the data subject is any personal data provided to the data controller by any means, directly by the data subject.

Automatically-collected data is browsing data. Such data, although not collected for the purposes of association with the user’s identity, may indirectly allow his or her identification through elaboration and association with data collected by the data controller.

Personal data collected by this application, either independently or via third parties, includes name, surname, user ID, password, email address, telephone number, invoicing address, shipping address, house number, city, province, postcode, user data, cookies and tax ID.

PURPOSES OF DATA PROCESSING

The legal basis for the provision and processing of personal data is the fulfilment of contractual or pre-contractual obligations or for legal reasons governing the data controller. For this reason a refusal to allow data processing or the failure, incorrect or partial provision of data may entail the inability to correctly deliver the service or the controller’s inability to respond to requests for information sent by the data subject.

In the event that this application indicates that certain data is optional, users are free to abstain from providing such data, without affecting the availability or operation of services.

The provision of data for the purposes of sending newsletters for promotional, commercial or market research purposes is optional, and a refusal to consent to such processing will result in the impossibility of receiving updates regarding sales initiatives and/or advertising campaigns, special offers and other promotional material.

Users who have questions about which data is obligatory are invited to contact the data controller.

The use of Cookies where applicable – or of other tracking tools – by this application or by the controllers of third-party services used by this application, unless otherwise stated, is for the purposes of providing services requested by the user, in addition to other purposes described in this document and in the Cookie Policy, where available.

The user is responsible for the personal data of third parties obtained, published or shared through this application and must ensure that he or she has the right to divulge or share such data, exempting the controller from any liability to third parties.

WITHDRAWING CONSENT

The data subject may withdraw consent to receive promotional or commercial communications immediately, by sending a request to the email address ecommerce@ferrucciovecchi.com or by clicking on the unsubscribe button, which can be found in the footer of every promotional email received.

METHODS OF DATA PROCESSING

The data controller uses appropriate security measures to prevent unauthorised access, divulging, modification or destruction of personal data.

Personal data is processed using automated tools for the period strictly necessary to fulfil the purposes for which it is collected, and in any case stored data is checked yearly and any data considered obsolete is deleted, unless there is a legal requirement to retain it.

Data processing is normally carried out at the controller’s premises, by staff or external personnel duly authorised as data processors. The full list of data processors and appointed individuals can be requested by emailing ecommerce@ferrucciovecchi.com.

The user has the right to obtain information regarding the legal basis for the transfer of data outside the European Union or to an international organisation subject to international or public law or consisting of two or more countries, for example the UN, and also regarding the security measures used by the controller to protect data.

In the event that such a transfer is carried out, the user my refer to the relevant sections of this document or ask the controller for information by contacting the address given above.

Specific security measures are used to prevent the loss, unlawful or incorrect use or unauthorised access to data.

LEGAL BASIS FOR DATA PROCESSING

The controller processes the user’s personal data where one of the following conditions exists:

The user has consented to one or more specific purposes; NB: in certain cases the controller may be authorised to process personal data without the user’s consent or the legal bases specified below, unless the user opts out from such processing. However, this does not apply where the processing pf personal data is governed by European data protection regulations;
processing is necessary for the fulfilment of a contract with the user and/or for the fulfilment of pre-contractual measures;
processing is necessary for the fulfilment of a legal obligation to which the controller is subject;
processing is necessary for the fulfilment of an activity in the public interest or for the operation of the authorities which govern the controller;
processing is necessary for the pursuit of the legitimate interest of the controller or of third parties.

However, users may ask the controller at any time to clarify the specific legal basis of each instance of processing, and in particular to specify whether such processing is based on law, stipulated in a contract or necessary for the fulfilment of a contract.

PERIOD OF STORAGE

Data is processed and stored for the time necessary to fulfil the purposes for which it is collected.

Therefore:

Personal data collected for purposes linked to the fulfilment of a contract between the controller and the user will be retained until the conclusion of the contract.
Personal data collected for purposes linked to the legitimate interest of the controller will be retained until such interest is fulfilled. The user may obtain further information regarding the legitimate interest of the controller in the relevant sections of this document or by contacting the controller.

Where processing is based on the user’s consent, the controller may store personal data for a longer period, until such consent is withdrawn. Furthermore, the controller may be obliged to retain personal data for a longer period in accordance with a legal obligation or on the orders of an authority.

At the end of the storage period, personal data will be deleted. Therefore the user’s rights to access, deletion, rectification and data portability can no longer be exercised once the storage period has expired.

PURPOSES OF PROCESSING DATA COLLECTED

User data is collected in order to allow the controller to provide services, such as the following: Contacting the user, registration and authentication, handling payments, viewing the content of external platforms.

To obtain more detailed information about the purposes of data processing and about the specific personal data required for each purpose, users should refer to the relevant sections of this document.

DETAILS OF PERSONAL DATA PROCESSING

Personal data is collected for the following purposes and using the following services:

1. To contact the User
Contact form (ASSISTANCE) (This application)

By entering his or her details in the contact from, the user consents to their use in response to requests for information, quotes or any other purpose stated at the top of the form.

Personal data collected: email address, name, telephone number.
Mailing list or newsletter (This application)

By registering for the mailing list or newsletter, the user’s email address is automatically added to a list of contacts which may be sent email messages containing information, including commercial and promotional communications associated with this application. The user’s email address may also be added to this list as a result of registering on this application or following a purchase.

Personal data collected: name and email address.

2. Handling payments

The payment management system allows this application to process payments made by credit card, bank transfer or other methods. Data used for payment is collected directly from the managers of the payment method required, and is not processed in any way by this application.

Some of these services may also allow the programmed sending of messages to the user, such as emails containing invoices or payment notifications.

PayPal (PayPal)

PayPal is a payment service provided by PayPal Inc which allows users to make payments online.

Personal data collected: various types of data depending on the specifications of the service’s Privacy Policy.

Stripe (Stripe Inc)

3. Registration and authentication

By registering or authenticating identity, the user consents to being identified by the application and to use the services provided by it.
In accordance with the information below, registration and authentication services may be provided with the assistance of third parties. Where this is the case, this application may access certain data retained by the third party service used for registration or authentication.

Direct registration (This application)

The user may complete the registration form and directly provide this application with their personal data.

Personal data collected: name, surname, user ID, password, email address, telephone number, invoicing address, shipping address, house number, city, province, postcode, user data, cookies and tax ID.

4. Statistics

Services described in this section allow the data controller to monitor and analyse data traffic and track user behaviour.

Statistics collected directly (This application)

This application uses an internal statistics system which does not involve third parties.

Personal data collected: Cookies and User data

5. TAG management

This type of service is necessary for the centralised management of tags or scripts used by this application.

The use of such services entails the flows of user data itself and, where applicable, its storage.

Google Tag Manager (Google Inc.)

Google Tag Manager is a tag management service for tags provided by Google LLC.

Personal data collected: Cookies and User data

Location of data processing: USA – Privacy Policy.

FURTHER INFORMATION ON PERSONAL DATA

Contact via WhatsApp

Users who provide their telephone number may be contacted via WhatsApp for commercial or promotional purposes associated with this application, such as to respond to requests for assistance.
Personal data collected: telephone number.

Sales of online goods and services

Personal data collected is used to deliver services to the user or for the sale of products, including payment and delivery where applicable. Personal data collected in order to conclude payments may be associated with credit cards, bank accounts used for transfers or other permitted payment methods. Payment data collected by this application depends on the payment system used.

RIGHTS OF THE USER

Users may exercise specific rights with regard to data processed by the controller.

In particular, the user has the right to:

withdraw consent at any time. The user may withdraw previously given consent to the processing of their personal data.
object to data processing. The user may object to the processing of their data when this occurs on a legal basis different to that consented to. Further details on the right to objection are given in the section below.
access to data. The user has the right to obtain information regarding the data processed by the controller or certain aspects of processing, and to receive a copy of the data processed.
verify and request rectification. The user may verify the correctness of their data and request its updating or correction.
restrict processing. Under certain circumstances, the user may request the restriction on processing their data. In such cases, the controller will not process the data for any other purpose than storage.
obtain the deletion or removal of their personal data. Under certain circumstances, the user may request the deletion of their data by the controller,
receive their data or transfer it to another controller. The user has the right to receive their data in a structured, commonly-used and machine-readable format and, where technically feasible, to transfer it without impediment to another controller. This applies when the data is processed using automated means and where the processing is based on the user’s consent, on a contract to which the user is party or on contractual measures associated with such a contract.
lodge a complaint. The user may lodge a complaint with a supervisory authority for data protection or instigate legal proceedings.

DETAILS OF THE RIGHT TO OBJECT

Where personal data is processed in the public interest, in the interest of the public powers held by the controller or in pursuit of the controller’s legitimate interest, users have the right to object to data processing for reasons linked to their particular situation.

Users are informed that, where their data is processed for the purposes of direct marketing, they may object to processing without giving a reason. To find out whether the controller processes data for direct marketing purposes, users should refer to the relevant sections of this document.

HOW TO EXERCISE USER RIGHTS

To exercise their rights, users should send a request to the contact address of the controller, as indicated in this document. Requests are free of charge and forwarded by the controller as rapidly as possible, and in any case within one month.

COOKIE POLICY

This application uses cookies. To find out more, and to view the detailed statement, users are invited to consult the Cookie Policy.

FURTHER INFORMATION ON DATA PROCESSING – DEFENCE IN COURT

The user’s personal data may be used by the controller in court or in the preparatory stages of a case for defence against misuse of this application or associated services by the user.
The user states that he or she is aware that the controller may be obliged to disclose data by order of the public authorities.

SPECIFIC INFORMATION

On the request of the user, in addition to the information given in this privacy policy, this application may provide the user with additional information regarding specific services, or the collection and processing of personal data.

SYSTEM LOGS AND MAINTENANCE

For reasons linked to its operation and maintenance, this application and any third party services used by it may collect system logs, in other words files which record interactions and which may also contain personal data such as the user’s IP address.

INFORMATION NOT CONTAINED IN THIS POLICY

Further information regarding the processing of personal data may be requested at any time from the data controller via the contact details provided.

RESPONSE TO “DO NOT TRACK” REQUESTS

This application does not support “Do Not Track” requests.

To find out whether any third party services used support such requests, the user is invited to consult the relative privacy policy.

MODIFICATIONS TO THIS PRIVACY POLICY

The data controller reserves the right to modify this privacy policy at any time by informing users on this page and, if possible, on this application in addition to, where technically and legally feasible, sending a notification to users via one of the contact methods held by the controller. Users are therefore asked to consult this page regularly and to check the date of the most recent modification, indicated at the bottom of the page.

Where modifications affect data processing whose legal basis is consent, the controller will undertake to request the user’s consent again, if necessary.

DEFINITION OF PERSONAL DATA (OR DATA)

Personal data is any information which, directly or indirectly, including where associated with any other information, including personal identification numbers, may identify or render identifiable a natural person.

USER DATA

This is information collected automatically by this application (including third party applications used by this application), and includes: IP addresses or domain names of computers used by visitors to this application, URI (Uniform Resource Identifier) addresses, the time of a request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error etc), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various time details relating to the visit (e.g. time spent on each page) and details concerning the pathway taken within the application, with a particular focus on the sequence of pages consulted, the parameters of the operating system and the user’s digital environment.

USER

The individual who uses this application who, unless otherwise stated, coincides with the data subject.

DATA SUBJECT

The natural person to whom personal data relates.

DATA PROCESSOR (OR PROCESSOR)

The natural person, public company or any other body who processes personal data on behalf of the controller, as described in this privacy policy.

DATA CONTROLLER (OR CONTROLLER)

The natural or legal person, public company, service or other body which, individually or with others, determines the purposes and methods of personal data processing and the tools used, including security measures regarding the operation and use of this application. The data controller, unless otherwise stated, is the owner of this application.

THIS APPLICATION

The hardware or software used to collect and process users’ personal data.

SERVICE

The service provided by this application, as defined in the relevant terms and conditions (where present) on this website/application.
EUROPEAN UNION (EU)

Unless otherwise stated, all references to the European Union made in this document extend to all current members of the European Union and the European Economic Area.

COOKIES

Small pieces of data stored in the user’s device.

Unless otherwise stated, this privacy statement refers exclusively to this application.