Last Updated: August 1, 2019
As required by law, the Provider shall process personal data safely and only for the specified purposes.
The protection of personal data is a priority for the Provider. Storage of the personal data of Users shall be done exclusively for the purpose of providing the Services by the Provider and in order to exercise due rights.
a) ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
b) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
c) ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
d) ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
e) ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
f) ‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
g) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
h) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
i) ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
j) ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
k) ‘consent of the data subject’ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; ‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
l) ‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51 of Regulation no. 679/2016;
m) ‘cross-border processing’ means either:
(a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
n) ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
1. The Provider collects, stores, processes and uses the personal data provided by the User on registration (name, surname, place of residence, date of birth, email address etc), only if it is relevant and only if necessary to close and execute the agreement between Provider and User and so that the Provider comply with its legal obligations, exclusively based on the consent of the data subject.
2. The collected personal data shall only be used in compliance with the declared purposes. The collected personal data shall not be made public, sold, leased or transfered. However, the Provider will transmit the personal data to its authorized contractors to be processed for the specified purposes, as in the case of bank card or other processors.
3. The Provider may disclose personal data on request by competent public organizations/institutions in specific cases provided by the effectual regulations.
4. Data subjects will be informed explicitly by the available online means that their personal data will be processed, the purpose and the duration of the processing, as well as in regard to the rights they have concerning the collecting, processing and storing of that data. In general, the personal data will be collected directly from the data subject.
5. The Server Log Files of the Web Page store the information automatically provided by the computer of the User, such as: the browser version used, the operating system used, the URL (previously visited page), the IP address, the time the server was accessed.
6. The right to have access and information: the right to get from the Provider the confirmation that it processes Personal Data, as well as information concerning processing details, such as: purpose, personal data categories processed, data recipient, data storage duration, the existence of right to rectify, erase, or restrict the processing.
7. The right to make changes, or rectify data: the right to rectify, update, block, erase or restrict the unlawful processing of data, on demand and for free, especially in cases of incomplete and inaccurate data.
8. The right to erase: the right to request the erasing of personal data when it is no longer necessary for the purposes it was collected.
9. Consent withdrawal: the right to withdraw anytime the consent to process own Personal Data.
10. The right to oppose: the right to oppose to the lawful processing of own personal data performed by the Provider, based on motives linked to particular situations.
11. The right to request no longer to receive promotional messages.
12. The right to not be subject to decisions based exclusively on automated processing, including profile creation, that may have juridic effects.
13. The right to portability: as personal data is processed automatically, the User has the right to request the Provider to communicate the personal data in a structured, frequently used form, which can be read automatically.
14. The right to file a complaint to the supervisory authority: the right to file a complaint to Data Processing Supervisory Authority in case you consider that your rights have been breached.
16. Cookies are files that allow the user to connect correctly to the web-page of the Provider and ease the placement of orders; they also allowing statistical analyses to be made.
17. The Provider uses its own Cookie files for the purpose of remember who you are and your preferences
18. The Provider reserves the right to update and modify the present rules regarding Personal Data protection at any time and without prior notification. The new rules are effective the moment they are published on the Web-Page of the Provider.
19. The Provider is not responsible for deficiencies caused by fortuitous events that may endanger the security of the server hosting the database containing the Personal Data.
20. The Provider is not responsible for the confidentiality policy practiced by any third party accessible by links directing outside the web-page of the Provider.Back to the top