Privacy Policy
INTRODUCTION
as per Article 13 of EU Regulation 2016/679, General Data Protection Regulation (“GDPR”) and the Italian Legislative Decree no. 196/2003, Italian Data Protection Code (“Privacy Code”)
This information notice is provided for the website www.englishlavender.com, owned and managed by Euroitalia S.r.l. (the “Website”) and not for other third-party websites that may be accessed by the user through link.
The information notice applies to all users interacting with the pages of the Website, that either use the Website without registering to it or, at the end of an appropriate procedure, register themselves to the Website and use the online services offered through it.
The information notice is provided according to Article 13 of EU Regulation 2016/679, General Data Protection Regulation (“GDPR”) and, to the extent it applies, to Italian Legislative Decree no. 196/2003, Italian Data Protection Code (“Privacy Code”), as subsequently amended and supplemented.
Third-party websites that are possibly referred to in this Website are regulated by a separate privacy policy and that are in no way linked to this information notice.
Euroitalia S.r.l.
Via Galileo Galilei, 5
20873 Cavenago di Brianza (MB)
VAT no. 00788550960 and Tax Code 04719670152
(“EuroItalia”, “Company” or “ Data Controller”)
- PERSONAL DATA PROCESSED
In addition to the provisions set forth in other pages (with particular reference to the “Cookie”), through the Website and the use of the respective features and/or subscription to services offered therein, the following data can be collected and processed:
- browsing information: they are data that the server collects automatically at every access to the website, such as IP addresses or domain names of computers used by the users to connect to the Website, URI addresses (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the dimension of the files obtained as an answer, the code number which indicates the answer status supplied by the server ( i.e. good result, mistake, etc.) and other parameters related to the operating system and to the users’ IT environment. Within the scope of such category are the “Social Button”, which exclusively allows the link and view of social profiles of the brand “English Lavender” (created on social networks such as, by way of example, Facebook, Instagram, YouTube). Such “buttons” only allow users browsing the website to directly reach with a “click” “English Lavender” in the social networks. Interactions taking place in the social networks are in any case subject to the rules and privacy settings of the respective social networks;
- personal data voluntarily provided by the users/visitors : they are data that are provided by users by filling in electronic forms for the purpose of registering and creating an account on the Website, proceeding to the delivery of a purchasing order and/or formulating a request for information, such as name, surname, date of birth, email address, address, phone number (also mobile phone number) and additional data or information contained in messages sent to the contacts indicated on the Website or by filling in forms published on the Website and for the purpose of subscription to specific services, such as the creation of a “wish list” or the subscription to the newsletter service. The data related to the order and the purchasing process fall within the scope of this category;
- data related to the online payments: with regard to the data related to the payments provided by the users, Euroitalia will only process data consisting in payment status information (successfully completed/refused) provided by the online-payment companies and by credit institutions managing the payments with credit cards. All additional information related to the account (e.g. PayPal), to the prepaid card or to the credit card are stored by the entities managing the related service, which are not authorised to use the data provided through the Website for different purposes.
For the purposes indicated in this information notice, the Company does not collect or process any data relating to the user that may be regarded as “special categories of data” pursuant to GDPR (such as, by way of example, personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions or trade union membership and data concerning the health of the data subject).
Users are expressly required not to provide such data within the filling in of contact forms and not to communicate to the Customer Service, also by phone, any information that can be regarded as special categories of data as described above.
- LEGAL BASIS AND PURPOSE OF PROCESSING
The processing of personal data is based on the consent voluntary provided by the user within the filling in of dedicated forms published on the Website as well as specific sections for the collection of personal data, on the existence of a contractual or legal obligation or, as the case may be and as specified in more detail below, on a legitimate interest of the Company, and is exclusively carried out for the following purposes:
(i) fulfilment of contractual or pre-contractual obligations - for the registration on the Website (and the creation of an Account) and the correct execution of other services requested through the Website and/or through electronic forms herein published and, therefore, for managing and processing orders of products placed through the Website and for fulfilling all obligations arising out of pre-contractual or contractual relationships with the user. Administrative and accounting purposes related to and arising out of the contract entered into with the user, also with regard to electronic transmission of order confirmations, invoices and communications concerning the delivery of the order by Euroitalia or by other companies appointed by this latter, as well as for the purposes related to the management of discounts, promotional sales and promotions fall within the scope of this purpose. Customer Service and, therefore, the processing of users’ personal data for managing and answering to assistance requests in relation to one or more of the products or services available on the Website are included in the contractual scope of data processing;
(ii) fulfilment of legal obligations - for the fulfilment of obligations stemming from national and/or European laws or regulations in force, included the Tax and cosmetovigilance area, as well as the fulfilment of provisions of the competent entities or authorities;
(iii) on the basis of a legitimate interest of the Company - for the legal defence of a right or interest under any competent authority or entity (even with respect to cybercrime and for the purpose of credit recovery); to improve services and browsing experience; to carry out statistical analysis and market research on aggregated data; to send to the customers - via email - communications containing information related to products or services offered by Euroitalia similar to products or services already purchased by the customer, unless the client objects to such data processing (so-called soft-spamming). This also includes the sending of communications by email aimed at inviting the customer/user to complete a purchase on the Website, in the case of e-commerce orders that have been opened and not yet closed (so-called “abandoned cart”);
(iv) on the basis of consent (which is voluntary and can be withdrawn at any time) : for sending the newsletter and advertising material relating to products and/or services of EuroItalia, by means of automated systems, such as e-mail, SMS or MMS, or by traditional means (paper mail) (so-called marketing purposes) and/or for the processing of the commercial profile of the user or customer, through the detection and processing of their choices and purchasing habits on the Website, in order to both monitor the degree of customer satisfaction and to ensure better satisfaction of the needs of the same and to send advertising material relating to products and/or services of Euroitalia of specific interest (so-called profiling purposes).
We inform you that profiling is carried out through the collection and processing of individual and/or identification data (personal data, contact data) and their association or cross-referencing with interests or consumer preferences (in relation, for example, to the type of purchases made and/or, limited to users who have registered on the Website by creating an account, to the purchase preferences expressed through the inclusion of products in the "Wish List") and/or other macro-indicators, such as geographical distribution, age group, gender (male or female).
Profiling may also be carried out on the basis of aggregate data stemming from individual personal data. However, it is not possible to exclude that the data used for this purpose, even if in aggregate form, allow the identification of the data subjects.
- CONSEQUENCES OF THE REFUSAL TO PROVIDE DATA
The provision of data for the purposes set out in paragraphs (i) (fulfilment of contractual obligations) and (ii) ( fulfilment of legal obligations) indicated above is purely optional. However, since the processing of data for such purposes is necessary in order to allow the browsing experience on the Website and the use of the online services offered through the Website, included those deriving from and/or linked to the placement of a purchasing order, the missing, partial or incorrect provision of data will prevent, according to the circumstances, the availability of the registration process on the Website and the management and processing of the order and/or the use of the services offered online and, in general, the processing of users’ specific requests.
With regard to point (iii) (legitimate interest of Euroitalia), the user's express consent is not required but it is always possible to object to such processing by exercising the data subject's rights pursuant to Article 10 below.
The provision of data and consent for the purposes referred to in point (iv) (direct marketing and profiling) is optional. However, if the customer does not give his or her consent to the processing of data for the additional purposes listed above, he or she will not be able to benefit from personalised discounts and dedicated offers, nor will he or she be able to receive promotional information by means of direct communications.
The customer/user may, in any case, withdraw his/her consent, if given for marketing and/or profiling purposes, at any time, according to the procedures described in Article 10 below.
It is understood that any subsequent withdrawal of consent will not affect the lawfulness of the data processing carried out in the period prior to such withdrawal.
- DATA COMMUNICATION
Data can be communicated to the following categories of subjects:
- to all those parties (included the Public Authorities) having access to the personal data according to law or administrative provisions;
- to all those public and/or private parties, individuals and/or legal entities should the communication be necessary or otherwise required for the correct fulfilment of contractual or legal obligations.
In addition to the above, in order to pursue the mentioned purposes, personal data may be disclosed to third parties operating on behalf of the Company, such as, by way of example and not limited to:
- companies, consultants or professionals that may be in charge of the set-up, maintenance, updating and, in general, the management of the hardware and software of the Website;
- couriers and shippers responsible for the delivery of the products purchased through the Website;
- companies providing for the drafting and sending of informative and promotional communications;
- legal and tax professionals and consultants providing their services to the Company;
that will process the personal data in their quality as data processors on behalf of the Company.
In any case personal data will not be transferred to extra-EU Countries or outside the EEA.
- DATA RETENTION
Personal data will be retained for the entire duration of the contractual relationship with the Company and, subsequently, for the period of time allowed by applicable law on statutory or time limitation periods (also with respect to administrative and tax purposes) and, in general, for the time necessary for the exercise/defence of the rights of Euroitalia in relation to claims raised by public authorities, public entities and private subjects.
Personal data, based on consent and processed for marketing and profiling purposes, will be retained until consent is withdrawn by the customer/user.
- MINORS UNDER 16 YEARS
The Website does not contain any information or functionality or service directly offered to users under the age of 16 years. Minors shall not provide information or personal data without the consent of the holder of parental responsibility. Euroitalia therefore invites any user under the age of 16 to avoid any communication of personal data without prior authorisation by a parent or by the holder of parental responsibility. In case the Company will be notified the fact that personal data have been provided by a minor under the age of 16, the Company will immediately delete such data and request appropriate consent by the parents (or by the holder of parental responsibility), reserving the right to prevent any access to the services offered on the Website to any user who hided his/her minor age or who communicated personal data without consent by the parents (or by the holder of parental responsibility).
- RIGHTS OF DATA SUBJECTS
As a data subject, the user may ask to the Data Controller to exercise the following rights:
Right to access
The user may ask whether or not his/her personal data are processed and, if so, have access to that data and to specific information on the processing, such as information on the purposes, on the categories of personal data concerned, on the existence of other rights as set out below. The user may also request copy of his/her personal data.
Right to rectification
The user has the right to request and to have his/her data rectified in case of inaccuracy or incompleteness.
Right to erasure
The user has the right to have his/her data erased without undue delay if, inter alia, (i) such data are no longer necessary in relation to the initial purposes for which they were collected, (ii) he/she objects to the processing of his/her personal data (as indicated below) and there is no other legitimate and prevailing reason for processing, (iii) user’s data are unlawfully processed, (iv) data shall be deleted for the fulfilment of a legal obligation (v) personal data of a minor under the age of 16 have been collected in relation to an offer of services addressed to the information society.
The right to erasure does not apply if the processing is necessary for, among other purposes, the performance of a legal obligation or for the establishment, exercise or defence of legal claims.
Right to restriction of processing
The user has the right to obtain the restriction of processing, meaning that the processing activity will be suspended for a period of time. The circumstances under which this right can be exercised include cases in which the accuracy of personal data was contested but a period of time is necessary to verify the accuracy of such data. The exercise of such right does not prevent from carrying out the processing of personal data.
Right to data portability
In case of processing carried out by automated means, based on consent or based on the fulfilment of contractual obligations, the user has the right to request and receive personal data in a structured, commonly used and machine-readable format and to transmit the data to another Data Controller. He/she has also the right to request the direct transmission from a Data Controller to another Data Controller, where technically feasible, without prejudice to the possibility to obtain the erasure of the data, as indicated above.
Right to object
The user has the right to object at any time, for reasons related to his/her particular situation, to the processing based on a legitimate interest of the Data Controller, unless the Data Controller can demonstrate legitimate and mandatory grounds for processing that prevail on the interests, rights and fundamental freedoms of the data subject or that the data are necessary for the establishment, exercise or defence of legal claims. Moreover, he/she has the right to object to the processing of data for marketing purposes.
The user has the right to present a claim before the Supervisory Authority (http://www.garanteprivacy.it/ ) if he or she believes that the data processing violates the provisions of the Regulation.
Exercise of the above rights
The above rights can be exercised by sending without any formality a request to the Data Controller. The request can be sent to the Data Controller via paper mail or e-mail to the following addresses: Via Galileo Galilei, 5, 20873 Cavenago di Brianza (MB) - email: privacy@euroitalia.it.
*
This Privacy Policy can be amended and updated, also depending on modifications of the applicable law provision.
Amendments and updates will be communicated to the user through their publication on the home page of the Website and will be applicable and binding from the moment of their publication.
*
The Company therefore invites users to periodically visit the present page for the purpose of being informed of any change or update.
Last update: August 2023