INFORMATION ON THE PROCESSING OF PERSONAL DATA
(ART. 13 EU REGULATION 679/2016)
Pursuant to Regulation (EU) 679/2016 (hereinafter also the Regulation) and Legislative Decree n. 196/2003 (Code regarding the protection of personal data) as amended by Legislative Decree n. 101/2018, of course:
"Personal data": any information concerning an identified or identifiable natural person ("interested"); the identifiable natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social.
"Usage data": information collected automatically from this website (or third party applications that this website uses), including: IP addresses or domain names of computers used by the user connects with this site, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (good purpose, error, etc.) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the application, with particular reference to the sequence of the pages consulted, the parameters relating to the operating system and the information environment of the User.
"Treatment": any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, l 'adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction
"Profiling": any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or foresee aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of said natural person
"User": the individual who navigates on this site, who must coincide with the interested party or be authorized by him and whose personal data are subject to any processing.
"Data Controller": the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to his designation may be established by Union or Member State law.
"Data Processor": the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller;
"Data protection officer (also Data Protection Officer - DPO)": compulsory figure in certain cases provided for in art. 37 of the Regulation. It carries out consultancy, monitoring, coordination and management of relations with the Control Authority regarding the processing of personal data.
"Communication": giving personal data to one or more specific subjects different from the interested party, from the representative of the owner in the territory of the European Union, from the manager or his representative in the territory of the European Union, from the persons authorized to process personal data under the direct authority of the owner or manager, in any form, including through their provision, consultation or interconnection;
"dissemination": the disclosure of personal data to undetermined subjects, in any form, including through their provision or consultation.
2. HOLDER OF THE TREATMENT
The companies that, independently or jointly, will process personal data provided by the subjects who visit and interact with the website www.hej-boo.com (hereinafter Site), are the following:
- MAG ENERGY S.R.L., with registered office in via Montefiorino 10/1 42123 Reggio Emilia (RE), Italy, Tax Code, registration number in the Reggio Emilia Business Registry and I.V.A. 03711500367 ("Mag Energy")
- DIGITAL TRIBOO S.R.L. - Triboo Group company - with registered office in Viale Sarca 336 20126 Milan, Italy, tax identification number, VAT number and Milan Business Registry 02912880966 ("Digital Triboo")
Mag Energy may act independently as Data Controller in accordance with the relevant definition contained in Article 4 of Section 7 of the Regulation, “the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data "or, in some cases specified below and jointly with Triboo Digitale, play the role of joint data controller having to be understood by such" two or more companies that jointly determine the purposes and means of processing ”as provided for by article 26 of the Regulation. From this point of view, for the purposes of this Notice, Mag Energy will be defined as "Data Controller" and, together with Triboo Digitale, "Data Processing Controller".
The Joint Data Controllers have established, through a co-ownership agreement pursuant to Article 26 of the Regulation, their respective responsibilities with regard to compliance with the obligations deriving from the current legislation on privacy; the essential content of this agreement is accessible to you by contacting each Co-owner at the references indicated in the paragraph of this information note called "Contact Data". It is understood that, regardless of the agreement, you may in any case exercise the rights recognized to you by the legislation towards and against each Co-owner, in relation to the treatments for which they act in this quality.
TYPE AND SOURCE OF DATA
As part of the use of the Site and / or communications sent to the addresses indicated on the Website itself, the Co-owners, independently or jointly, will process the data listed below:
Personal data voluntarily provided by the interested party
The Personal Data you directly and knowingly provided through the Site will be collected and processed on:
- of your browsing on the site, even as a non-logged user,
- Your registration on the Site and the use of the services reserved for registered users, including, in particular, the possibility of purchasing through the Website and storing data and information in your account, such as, for example, your personal data, the history of your orders and your possible returns, your preferred delivery and / or billing addresses;
- of your online purchase order;
- of your registration to the newsletter service;
- sending a request to Customer Service.
Such data may include, for example, name and surname, postal address and e-mail address, telephone number and date of birth, name of the child registered with the School holder of the distinctive sign affixed to the purchased Products.
Furthermore, the optional sending of electronic mail through the Website and / or to the addresses indicated on the Website entails the subsequent acquisition by Mag Energy of the sender's address, necessary to respond to the requests sent, as well as any additional personal data included in the message of electronic mail.
It should be noted that the information relating to the credit card used for the purpose of purchasing our products will not be collected, recorded and / or stored and / or in any way processed by the Data Controllers but only by the payment service provider, it same independent data controller.
The computer systems and procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are processed for the sole purpose of obtaining statistical information on the use of the Site and to check its correct functioning. However, these data could be used to ascertain responsibility in the event of any wrongdoing committed against the Site.
Cookies are used to ensure the operation of the Site and to improve the service offered. Cookies are small text files that the sites visited by the user send to their terminal (usually the browser), where they are stored before being re-transmitted to the same sites at the next visit by the same user. For more information, to know the cookies used on the Site and eventually disable them and / or deny consent, refer to the cookies policy.
PURPOSE, LEGAL BASIS OF THE TREATMENT AND NATURE OF THE PROVISION OF DATA
The Personal Data will be used for the following purposes by Mag Energy, as an independent owner:
a) respond to the requests you formulated by sending e-mail messages;
b) follow up on your online purchase order and therefore to carry out all order management activities other than those referred to in point d) and e) below;
c) subject to his specific consent, for direct marketing purposes: specifically, sending promotional and information communications regarding the products offered by the Data Controller, advertising material, catalogs;
The Personal Data may be used for the following purposes by the co-owners:
d) follow-up on your online purchase order and therefore to carry out all order management activities limited to the administrative management of the contract, the management of payments, credits and any disputes and fraud prevention, as well as in compliance with all the obligations imposed by the laws and regulations in force.
e) management of relations with users before and after purchase of products through the Website (c.d. customer care) including administrative and accounting management of returns.
The legal basis of the processing in relation to the purposes referred to in letters a), b), d) and e) is that provided by art. 6, paragraph 1, letter b) of Regulation (EU) 679/2016, which legitimizes the processing where the same is necessary for the execution of a contract of which the interested party is part or the execution of pre-contractual measures adopted at the request of the 'interested.
The provision of your personal data for these purposes is optional but failure to provide such data would make it impossible for the Data Controller to find the requests received and to process your order.
The legal basis of the processing in relation to the purposes referred to in letter c) is the consent of the data subject (in Article 6, paragraph 1, letter a) of Regulation (EU) 679/2016).
The provision of your personal data for this purpose is optional and your refusal does not have any other effect than to not inform you about initiatives that could interest you and / or send you any other commercial information on products, initiatives and events relating to Products and services offered by the Owner.
At any time you can change or revoke your consent or oppose the processing using the "unsubscribe" link present in all electronic commercial communications.
COMMUNICATION AND ADDRESSEES OF PERSONAL DATA
The personal data you provide will be processed by employees and collaborators of the Data Controllers for the sole purpose of performing the service / responding to user requests, unless communication is required by law.
These data may also be processed on behalf of the Co-holders by external parties who will act as Data Processors, such as companies, consultants and professional offices that provide assistance and / or consultancy services, or that carry out, on behalf of Co-owners of connected and instrumental services for the purposes of data processing, such as by way of example: order management, freight forwarding, complaint handling, IT services, etc.). The personal data provided will not be subject to communication or dissemination to third parties.
METHODS AND MEANS OF TREATMENT
Personal data is processed by automated tools, for the time necessary to achieve the purposes for which it was collected.
Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access in compliance with the obligations to adapt to adequate security measures. All the data will in fact be acquired and stored in accordance with articles 32, 33 and following of the Regulations.
The Joint Data Controllers are not responsible for errors, contents, cookies, publications of unlawful immoral content, advertising, banners or files that do not comply with the regulations in force by sites not managed by the same.
TRANSFER OF DATA TO A THIRD COUNTRY
There is no transfer of data to a third country.
DURATION OF TREATMENT
The personal data acquired as a result of sending e-mail messages to the addresses indicated on the Site will be kept by Mag Energy for the duration necessary to carry out the activities requested by the User / response to the information requested and in any case for a time not exceeding 24 months from sending the data.
The storage time may extend and lead to the subsequent acquisition of additional data in the event that the user himself requests services or purchases goods; in this case, the duration of the processing, for administrative, accounting, tax and contractual purposes by the Co-holders, may be extended up to 10 years from the termination of the relationship, as required by current regulations (art. 2220 of the Civil Code, art. 22 of the Decree of the President of the Republic of 09/29/1973 No. 600 and Article 2200 of the Civil Code).
The technical navigation cookies (described in the appropriate cookie information), will be stored for the sole purpose of allowing the correct technical functioning of the site itself and will expire automatically when the browser is closed.
RIGHTS OF INTERESTED PARTIES
The interested party has the right to obtain at any time access to his information (Article 15), their correction or integration (Article 16), their cancellation (the so-called right to be forgotten, Article 17), the limitation of the processing (art. 18) the right to the portability of your data (art. 20), the right to object to the processing of your data for particular reasons (art. 21) and not to be subjected to an automated decision-making process (art .22); furthermore, the interested party always has the right to lodge a complaint with the Guarantor Authority for the processing of personal data (www.garanteprivacy.it). The following is the article 13 of the European Regulation 679/2016 which lists these rights.
Art. 13 "Information to be provided if personal data is collected from the data subject"
1. In the event of collection of data concerning him by the data subject, the data controller shall provide the interested party with the following information when the personal data is obtained:
a) the identity and contact details of the data controller and, where applicable, his representative;
b) the contact details of the data protection officer, where applicable;
c) the purposes of the processing for which the personal data are intended as well as the legal basis of the processing;
d) if the processing is based on Article 6, paragraph 1, letter f), the legitimate interests pursued by the data controller or third parties;
e) any recipients or any categories of recipients of personal data;
f) where applicable, the intention of the controller to transfer personal data to a third country or international organization and the existence or absence of a Commission adequacy decision or, in the case of transfers referred to in Article 46 or 47, or Article 49, second paragraph, the reference to appropriate or appropriate guarantees and the means to obtain a copy of such data or the place where they have been made available.
2. In addition to the information referred to in paragraph 1, when the personal data are obtained, the data controller shall provide the data subject with the following additional information necessary to ensure correct and transparent processing:
a) the period of storage of personal data or, if this is not possible, the criteria used to determine this period;
b) the existence of the data subject's right to ask the data controller for access to personal data and the correction or cancellation of the same or the limitation of the processing that concern them or to oppose their treatment, in addition to the right to portability some data;
c) if the processing is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), the existence of the right to revoke the consent at any time without jeopardizing the lawfulness of the processing based on the consent given before the revocation;
d) the right to lodge a complaint with a supervisory authority;
e) if the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and if the interested party has the obligation to provide personal data as well as the possible consequences of the failure to communicate such data;
f) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the interested party.
3. If the data controller intends to further process personal data for a purpose other than that for which they were collected, prior to such further processing he shall provide the interested party with information regarding this different purpose and any other pertinent information referred to in the paragraph 2.
4. Paragraphs 1, 2 and 3 do not apply if and to the extent that the data subject already has the information.
Requests relating to Article 13 of EU Regulation 679/2016 may be addressed:
to Mag Energy, via the e-mail address email@example.com for the following processing purposes:
a) respond to the requests you formulated by sending e-mail messages;
b) follow up on your online purchase order and therefore to carry out all order management activities;
c) direct marketing: specifically, sending of promotional and information communications regarding the products offered by the Data Controller, advertising material, catalogs;
to the Co-owners and, in particular,
- to Mag Energy, via the e-mail address firstname.lastname@example.org
- to Triboo Digitale, via the e-mail address email@example.com for the following processing purposes:
d) follow-up on your online purchase order and therefore to carry out all order management activities limited to the administrative management of the contract, the management of payments, credits and any disputes and fraud prevention, as well as in compliance with all the obligations imposed by the laws and regulations in force
e) management of relations with users before and after purchase of products through the Website (c.d. customer care) including administrative and accounting management of returns
RESPONSIBLE FOR DATA PROTECTION - DPO
If you would like to contact the Data Protection Officer of Triboo Digitale - Avv. Lapo Curini Galletti - you can do so at the following e-mail address: firstname.lastname@example.org
Mag Energy declares that it has not identified the figure of the Data Protection Officer (RPD or DPO), as it is not subject to the obligation of designation set forth in art. 37 of the Regulation