Be advised that changing your location while shopping will remove all the contents from your shopping bag.
NOMINATION SRL, via F.lli Bandiera 22, 50019 Sesto Fiorentino, VAT identification number 05018590488, email: firstname.lastname@example.org, gives maximum importance to the rights of its customers with regards to the protection of personal data and to its legal obligations, in its capacity as Data Controller for the Processing of Data (hereafter: “Data Controller”).
In accordance with (EU) Regulation n. 2016/679 (hereafter “GDPR”, general provisions concerning the protection of physical persons relating to the processing of personal data and the free circulation of such data), this Privacy Declaration (“Declaration”) describes the ways in which we process the personal data of customers, gathered via www.nomination.com (“Site” or “Website”) and using other tools (e.g. social media, cookies, etc.), in compliance with the regulation cited above and with the principle of transparency stipulated in art. 5 of the GDPR. We invite you to read this declaration carefully.
1. TYPES OF PERSONAL DATA GATHERED REGARDING THE CUSTOMER
The personal data gathered by this Website, either autonomously or through third parties, for the purposes described in this Policy, includes:
- • Contact information (for example, name, surname, date of birth, nationality, email address, postal address, telephone number and any other personal data) provided by the Customer through completion of the forms present on the Site, including those allowing subscription to the newsletter, registration and the creation of an account on the Site;
- • Information relating to any electronic commercial transactions that take place, including the sending of purchasing forms, as well as any linked to pre-sale and post-sale assistance;
- • Personal data that may be contained within communications sent by the Customer, for example to signal a problem or to voice a request, uncertainty or comment relating to the Site and/or its content;
- • Information deriving from questionnaires and/or surveys that we may carry out from time to time on the Site for the purposes of research, if the Customer decides to respond or to take part;
- •Personal data contained in communication deriving from Customer Service services via the applications Whatsapp and Zendesk.
The provision of such data is not obligatory. Personal Data can be provided freely by the Customer, or, in the case of Usage Data, gathered automatically during use of this Website. Communication of personal data (especially personal information, email address, postal address and telephone number) is necessary to provide the services offered by the Site at the Customer’s request, to conclude transactions, or, when necessary, to meet obligations stipulated by law or regulations in force. A refusal to provide personal data that is required to meet the aims described above may prevent us from complying with legal provisions and other standards in force. Consequently, a failure to provide personal data may, in some cases, legitimately and justifiably preclude us from providing the services offered on the Site.
The Customer assumes responsibility for third party Personal Data that is obtained, published or shared through this Website, and guarantees that they have the right to communicate or disseminate such data, freeing the Data Controller from any responsibilities regarding third parties.
2. LEGAL BASIS OF PROCESSING
- Processing is necessary to execute a contract and/or to execute pre-contractual measures;
- Processing takes place based on the prior and explicit consent of the Customer, for example to carry out marketing activities;
- Processing is necessary to comply with a legal obligation to which the Data Controller is subject;
- Processing is necessary to perform a task carried out in the public interest or to exercise public powers in which the Data Controller is invested;
- Processing is necessary to pursue legitimate interests of the Data Controller or third parties;
It should be noted that, based on current legislation, this type of contact (so-called “soft spam”) does not require the provision of consent. The Customer may, in any case and at any time, request an interruption to the processing of their data in this way, which the Data Controller must put into effect without delay.
It is, furthermore, always possible to request that the Data Controller clarifies the concrete legal basis of every processing operation, and in particular to specify whether the processing has a basis.
3. PURPOSES OF PROCESSING
The personal data provided by you is processed:
Without your explicit consent, pursuant to art. 6 lett. b) and e) of the GDPR, for the following service purposes:
a) Management and execution of pre-contractual and contractual obligations, including the correct execution of acquisitions through the “Site”;
b) Insertion of data into the company’s database to monitor the execution of the contract, including for invoicing aims;
c) Stipulation and execution of the contract and all related activities and consequences, including, by way of example, the correction and modification of products and services offered;
d) Management of fiscal and accounting compliance and all related activities, including, by way of example, invoicing, documentation, refunds in the event of tax free shopping, credit protection, administrative services, management services, and functional services relating to execution;
e) Compliance with legal obligations stipulated by law, regulations and community legislation;
f) The exercising of the rights of the Data Controller, including rights that are enforceable in a court of law.
Subject to specific consent, for the following additional purposes:
g) Direct marketing carried out by the Data Controller, using traditional and/or automated means, which may not entail the intervention of the operator, with the aim of improving the range of products and services offered and receiving communications, newsletters, informative and/or promotional materials, assessing the level of customer satisfaction or concerning events and initiatives, market research or other trade research and direct sales, information and updates regarding products, sales, promotional campaigns, events and other initiatives via automated (email, SMS, newsletter, MMS and/or instant messaging) and traditional (telephone calls with operators and/or post) means of contact;
h) Direct marketing carried out by third parties, via traditional and/or automated means, which may not entail the intervention of the operator, with the aim of receiving communications, newsletters, informative and/or promotional materials, assessing the level of customer satisfaction or concerning events and initiatives, market research or other trade research and direct sales, statistics, interaction with social networks and external platforms, comments on content, through automated (email, SMS, newsletter, MMS and/or instant messaging) and traditional (telephone calls with the operator and/or post) means of contact, in their capacity as Commercial Partners operating within the relevant product sector;
i) Profiling activities carried out via automated means, which aim to improve the range of products and services offered and, partly through the electronic processing of data and the profile and through analysis of the habits and consumption choices of the Customer, enable the identification of preferences, behaviour and interests relating to products and services used, with the aim of rendering the products and initiatives more relevant to the tastes and needs of the Customer.
j) Research activities, using non-automated means, investigating consumption habits with the aim of making products and initiatives more relevant to the tastes of the Customer. Such activities have the exclusive aim of offering customers and users products, services and initiatives that are more relevant to their needs, using methods that do not invade their personal sphere.
At any time and free of charge, data subjects can exercise their right to object, either in full or in part, to the processing of their data for the purposes described in points g), h), i) and j).
The provision of personal data relating to the purposes described in points g), h), i), and j) is optional and its use is subject to the provision of explicit consent. If you refuse to provide consent, this will make it impossible for you to subscribe to the “Newsletter”, to the “Joy of Life Club”, and will preclude you from receiving informative and promotional information, brochures and communications relating to products, promotions and services offered by our Company.
Within the context of the sending of publicity material, promotional material, informative material and/or brochures, please note that consent to the processing of personal data can be withdrawn at any time by selecting the relevant “delete” box, which you can access via a link contained within the communications sent.
Such data (especially personal details, email address, postal address, telephone number and bank details – in the case of payment via credit card) is necessary to conclude contracts for the acquisition of products via the site, or for some “pre”-sale and “post”-sale services, or to comply with obligations driving from legal or regulatory standards. As indicated above, a failure to provide this data may constitute a legitimate and justified reason for not executing a contract for the acquisition of products online and/or the provision of linked services, depending on the case in question.
We also inform you that our Company uses the IP addresses of visitors, in an entirely anonymous way, to monitor traffic on the Site.
4. MEANS AND LOCATION OF THE PROCESSING OF PERSONAL DATA GATHERED
4.1 Means of processing and security
In some cases, in addition to the Data Controller, the following may have access to Data: other subjects involved in the organisation of this Website and companies affiliated and/or linked to Nomination Srl, (administrative, commercial, marketing and legal staff and system administrators) or external subjects (such as third party providers of technical services, postal couriers, advisors, hosting providers, information companies, communication agencies, credit institutions for the management of payments via credit card) who have been appointed, including, if necessary, Data Processors operating on behalf of the Data Controller. An updated list of Data Processors can always be requested from the Data Controller.
4.2 The Location of the Processing and Transfer of Data
Data is processed at the operational headquarters of the Data Controller and in other locations where parties involved in processing are located. For more information, contact the Data Controller.
Personal Data is saved on servers located in the member states of the European Union, but, pursuant to art. 44 and ss. of the GDPR, the Data Controller, where necessary, reserves the right to transfer such servers, including to third countries that do not belong to the European Union, in compliance with applicable legal provisions.
The Customer has the right to obtain information relating to the legal basis of the transfer of Data outside the European Union or to an international organisation of public international law or consisting of two or more countries, as well as information relating to the security measures adopted by the Data Controller to protect Data.
5. PERIOD OF PRESERVATION
In compliance with principles of lawfulness, limitation of purposes and minimisation of data, pursuant to the GDPR, the period of preservation of the personal data of users is determined for a period of time no greater than that which is required to fulfil the purposes for which the data is gathered and processed, in compliance with time-frames stipulated by law and by provisions of the Italian Data Protection Authority. Therefore:
- • Personal data gathered for aims linked to the execution of a contract between the Data Controller and the User will only be processed until this contract has been executed. Personal data gathered for sales purposes is preserved for a period of no longer than 24 months in compliance with current legislation.
- • Personal data gathered for purposes linked to the legitimate interest of the Data Controller will be processed until such interest has been satisfied for a period of no longer than 12 months in compliance with current legislation. The User can obtain further information relating to the legitimate interest pursued by the Data Controller in the relevant sections of this document, or by contacting the Data Controller.
When processing is based on consent from the User, the Data Controller can preserve Personal Data for a longer period, until such consent is withdrawn. Furthermore, the Data Controller may be obliged to preserve Personal Data for a longer period, to comply with a legal obligation or an order emanating from a relevant authority. At the end of the period of preservation, Personal Data will be deleted. Therefore, at the expiration of this period, the rights to access, to deletion and to rectification, as well as the right to the portability of data, can no longer be exercised.
6. THE RIGHTS OF THE DATA SUBJECT
The Data Subject may, at any time, exercise the following rights:
- The right to withdraw consent at any time. The data subject may withdraw consent to the processing of their Personal Data that has previously been given. The data subject should contact us directly as the following address: email@example.com.To withdraw consent to the receiving of our newsletter, you can do this automatically by following the link that you will find at the bottom of each communication;
- The right to access your own Data. The data subject has the right to obtain information on the Data processed by the Data Controller, on certain aspects of processing, and to receive a copy of the Data processed. He/she can contact us directly at the address: firstname.lastname@example.org.
- The right to rectification. The data subject can verify the correctness of his/her Data and request the updating and/or correction of this Data. He/she can contact us directly at the address: email@example.com.
- The right to the limitation or processing. Under certain conditions, the data subject can request the limitation of the processing of his/her Data. In this case, the Data Controller will not process the data for any other reason than its preservation.
- The right to the deletion or removal of your own Personal Data. Under certain conditions, the Data Subject can request the deletion of his/her Data by the Data Controller.
- The right to the portability of data. The Data Subject has the right to receive his/her Data in a structured, commonly used and machine-readable format, and, where technically feasible, to obtain the transfer of this Data without hindrance to another data controller. This provision is applicable if the Data is processed with automated tools and the processing carried out is based on the consent of the Customer, on a contract to which the Customer is party, or on contractual measures linked to this.
- The right to make a complaint. The data subject can make a complaint to the relevant supervisory authority for the protection of personal data, or engage in legal proceedings.
- The right to oppose the processing of data for commercial purposes. At any time, the data subject has the right to object to the processing of his/her data if this is used for direct marketing and commercial purposes.
7.MEANS OF EXERCISING RIGHTS
At any moment, you can exercise your rights as described above in written form, by sending a registered letter (with acknowledgement of receipt) to the company NOMINATION SRL, Via F.lli Bandiera 22, 50019 Sesto Fiorentino (FI), or, alternatively, via electronic post to the email address firstname.lastname@example.org, or to the email address email@example.com and to the certified email address firstname.lastname@example.org . Requests are handled free of charge and processed by the Data Controller within the shortest period possible, and in any case within one month.
8.THE RIGHTS OF MINORS
The services offered by the Data Controller and the Site managed by the Data Controller are not targeted at minors below 16 years of age (or below the age limit established by legislation in the User’s country of residence), from whom the Data Controller does not intentionally gather (and then use) information and personal data. In order to protect the security and privacy of minors, wherever such information is involuntarily gathered and/or recorded, the Data Controller undertakes, upon request, to delete it promptly. Registration with the Site implies confirmation that the User has reached the age of majority in his/her country of residence.
9. MODIFICATIONS TO THIS DECLARATION
If modifications are made that affect processing operations whose legal basis is consent, the Data Controller undertakes to gather the User’s consent again, if necessary.
11. FURTHER INFORMATION REGARDING THE PROCESSING OF DATA
The Personal Data of the User may be used by the Data Controller for legal action or in the preparatory phases for the eventual establishment of a defence against misuse of this Website or connected Services on the part of the User.
The User declares that he/she is aware that the Data Controller may be obliged to divulge Data by order of public authorities.
System Log and Maintenance
For reasons linked to its functioning and maintenance, this Site and eventual third party services used by the Site may collect system Logs, or files that register interactions and that may also contain Personal Data, such as the User’s IP address.
Chat Live Help®
The Chat LiveHelp® services present on this site is managed by Sostanza S.r.l., which is the external Data Controller for the data that is collected via this service. For more information please read the Terms and Conditions of the service at: www.livehelp.it
Information that is not contained in this Policy
Further information relating to the processing of Personal Data can be requested at any time from the Data Controller, using the contact details provided.
Cookies are short lines of texts stored on your computer by websites you’ve visited. They are widely used in order to make websites work more efficiently, as well as to provide information to the website owner. They are used to store information about visitors preferences and record user-specific information (authentication, language, location and other). Part of the information collected is used for statistics and marketing purposes.
• Session cookies (they are deleted when the browser is closed)
• Persistent cookies (they are deleted after a fixed period of time)
• First-party cookies (they can be read by the domain being visited only)
• Third-party cookies (they are created and subject to external domains, different than the visited website)
The table below summarizes which cookies are used.
These cookies are used to collect information about how visitors use the website. This information is used to compile report and assist with site improvement. Cookies collect information in an anonymous form, including the number of website’s visitors, where visitors have come to the website from and the pages they visited.
This cookie is fundamental to manage users sessions. This cookie collects information in an anonymous form and is deleted when the browser is closed.
Most web browsers enable to control cookies management through settings. For further information on cookies, including how to verify saved cookies, how to manage cookies settings and how to delete them, please visit www.aboutcookies.org o www.allaboutcookies.org.
To disable tracking by Google Analytics across all websites, please visit http://tools.google.com/dlpage/gaoptout.