INFORMATION REGARDING THE PROCESSING OF USERS' PERSONAL DATA CARRIED OUT AS A RESULT OF BROWSING THE OWNER'S WEBSITE MADE PURSUANT TO ART. 13 OF EU REG. 679/16.
Dear User, in accordance with EU Reg. 679/16, this page describes the methods for processing the personal data of users who navigate on the Owner's website accessible at the following addresses: https://shopmelissa.com
This information does not concern other sites or pages or online services that can be reached via hypertext links that may be published on the site but which refer to resources outside the Owner's domain.
Following consultation of the site listed above, data relating to identified or identifiable natural persons may be processed. The data controller is Grendene Italy S.r.l., with registered office and headquarters at via Largo Guido Donegani, 2, 20121, Milan, Italy, VAT no. 08362280961, e-mail: [email protected], pec: [email protected], tel. +39.0283421760, fax +39.0283421761, in the person of its pro tempore legal representative. This website is developed by Grendene S/A.
1) TYPE AND ORIGIN OF PERSONAL DATA PROCESSED Navigation data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server (POST or GET), the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment, such as the browser used. Data communicated by the user The user can leave his data on the site using one of the following services. a) Purchase of products via e-commerce. b) Newsletter subscription c) Requesting support and assistance via chat or telephone. When using each of the above services, the user voluntarily provides personal data. The processing of personal data by the Owner is described in the specific information below.
2. PURPOSE OF PROCESSING a. Navigation data. The navigation data processed, which are necessary for the use of the web services, are also processed for the purpose of - obtain statistical information on the use of the services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.); - checking the correct functioning of the services offered. b. Data communicated by the interested parties. With reference to the data communicated by the interested parties when purchasing products for sale on the site, when subscribing to the newsletter service or in the event of requests for support and assistance via chat and telephone, the Data Controller refers to the specific information for each individual treatment. Go to the information specifically dedicated to putting three links.
3) RETENTION TIMES. a. Surfing data are saved on an internal server and do not persist for more than 7 days except in the event of the need to ascertain crimes by the judicial authorities. Awaiting response. b. The data communicated by the user will be stored by the Owner for the time indicated in the specific information.
4) METHODS OF PROCESSING AND SCOPE OF DISSEMINATION AND COMMUNICATION OF DATA. The logs and data communicated by the user shall not be disseminated or communicated to third parties other than the Data Controller's appointees and the formally designated Managers. The navigation logs are accessible via server access only to the Owner and the Manager via SSH protocol. The site is hosted in the cloud by OVH formally appointed as Data Processor pursuant to Article 28 of EU Regulation 679/16.
5. LEGAL BASIS. a. Statistical information and the proper functioning of the services. The legal basis is constituted by the legitimate interest of the Data Controller pursuant to art 6.I lett. f) of EU Reg. 679/16 and therefore your consent is not required. b. Data communicated by users during registration and/or through the assistance service or by activating the newsletter service. See specific information.
- Right of access to personal data. You have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you is being processed and, if so, to obtain a copy of the personal data being processed, except where the release of the copy would be detrimental to the rights and freedoms of other data subjects. - Right to rectification. You have the right to obtain from the Data Controller the rectification and updating of personal data and inaccurate information concerning you without undue delay. Taking into account the purposes of the processing, you shall also have the right to obtain the integration of incomplete personal data. - Right to cancellation. You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay if: the data are no longer necessary in relation to the purposes for which they were collected or processed; you revoke the consent on which the processing is based and there is no other legal basis for the same; you object to the processing and there is no overriding legitimate reason to proceed with the processing; the personal data have been processed unlawfully; the personal data must be erased in order to fulfil an obligation imposed by national or Community provisions. - Right to restriction of processing. You have the right to obtain from the Controller the restriction of the processing if: you contest the accuracy of the personal data, for the period necessary for the Controller to verify the accuracy of such personal data; the processing is unlawful and you request the restriction of its use instead of its deletion; you need the personal data for the establishment, exercise or defence of legal claims although the Controller no longer needs them; you object to the processing pending verification of whether the legitimate reasons of the Controller prevail. If the processing is restricted, personal data shall be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of public interest. - Right to object to processing. You have the right to object at any time to the processing of personal data concerning you, including profiling. The Data Controller shall refrain from further processing your data unless it can demonstrate the existence of compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. - Right to complain to the Supervisory Authority. You have the right to complain to the Supervisory Authority by hand delivery to the offices of the Guarantor (at the address below) or by sending a registered letter addressed to Garante per la protezione dei dati personali, Piazza di Montecitorio, 121, 00186 Rome or by sending a certified e-mail message to [email protected].