PRIVACY POLICY

Information pursuant to Article 13 of EU Regulation no. 2016/679 (hereinafter “GDPR”)

vistosi.it

Your personal data is important, therefore we inform you about how the data collected through this website is processed and managed.

Data Controller: Vetreria Vistosi srl, vistosi@vistosi.it – +39 041 5903480 – +39 041 5900170, Via Galileo Galilei, 9-9/A-11, 31021 Mogliano Veneto, Treviso – Italy.

Types of personal data collected through the website

Navigation Data – Log Files – Collected Automatically. Each time you access and visit the website, the system may automatically collect technical information, such as the IP address used to connect your mobile device or computer to the network, login information, browser type and version, time zone settings, browser plug-in types and versions, operating system and platform; information regarding your access, including the full URL, page response times, download errors, duration of visits to specific pages, page interaction information, and navigation methods used to leave the page. This information is not collected to be associated with identified individuals, but by its nature, it could, through processing and associations with data held by third parties, enable user identification. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. This data is used solely to obtain anonymous statistical information about the use of the site and to ensure its correct operation, while also being available to judicial authorities if necessary.

Cookies. The website uses cookies, as further specified in the banner and the cookie policy.

Data voluntarily provided by you. By accessing the website and filling out any forms or registering to make a purchase, you voluntarily provide data to the data controller. No profiling is carried out, and your data is not sold to third parties but will be used for the purpose for which you provided it. Specifically, if you choose to purchase a good or service through the website, the necessary data will be requested to manage your order and process the payment of products/services, as well as for their delivery (your first name, last name, delivery address, email, and phone number). To facilitate your purchase and avoid repeatedly entering this data, you can log in to your personal area. If you do not wish to provide the required data, it will not be possible for us to collect and process your order.

Purpose and legal basis of processing

Your data will be stored on secure and adequately protected servers located in Europe, in compliance with the security measures implemented by the data controller, and processed for:

Purpose of processing	Legal basis for processing
a) Compliance with obligations established by laws, regulations, and/or national or community norms, or by supervisory and control bodies, judicial authorities, or other authorized entities.	Fulfilment of a legal obligation
b) Satisfaction of requests you make through contact forms, sending emails, letters, or other means of communication that allow you to reach the data controller; management of complaints related to orders.	Contract execution / delivery management / payment management
c) Management of the purchase you have made on the site	Contract execution / delivery management / payment management
d) Sending the requested newsletter if the website offers the option to subscribe to this free service.	Satisfying your request based on consent that is always revocable
e) Sending promotional communications if requested by the user	It is you who have allowed it by expressing your optional, free and always revocable consent!

The Data Controller reserves the right to transfer personal data to third countries and/or international organisations and to use external storage services, including in countries outside the European Union; in which case, the service providers will be selected in accordance with Article 46, EU Reg. no. 679/2016.

Communication and dissemination of personal data

For the pursuit of the above-mentioned purposes, your personal data may be disclosed to the following categories of recipients:

• public authorities, supervisory and control bodies, as well as competent judicial authorities, government agencies or other third parties also for the purpose of exercising, establishing or defending our rights in court;
• companies and professionals who perform tasks and services of a technical and organisational nature on behalf of the Controller (appointed as data controllers) and who cooperate with the Controller (e.g. external professionals who take care of invoicing or follow the Controller’s accounts);
• suitably trained and appointed employees to process the data by reason of their duties, to answer your requests or to process your order;
• subjects that provide services for the management, updating and maintenance of the site;
• any persons handling deliveries: they are authorised to process data only for the purposes for which they have been appointed.
  
  

Personal data retention period

In compliance with the principle of data minimisation, your requests will be processed as soon as possible using only the data strictly necessary and for the period necessary to pursue the purposes for which the data was collected. Thereafter, your data will only be kept for the period necessary to comply with applicable regulations and to allow for the protection of the data controller (including the prescription of rights).

The table below sets out in more detail the period for which the Controller will retain the different types of personal data:

Purpose of processing	Period of use and storage of personal data
Fulfilment of obligations under national or EU laws, regulations and/or legislation, or by supervisory and control bodies or judicial and other authorities empowered to do so.	Personal data will be processed for the period strictly necessary to fulfil the obligation imposed by law and kept for the subsequent period as may be stipulated by the regulations in force.
Fulfilment of requests made by you to the owner via form or e-mail contact.	Personal data will be processed for the time strictly necessary to fulfil your request formulated via the site and stored solely for the purpose of protection in order to prove the correctness of your actions within the prescriptive terms.
Execution of your order	Personal data will be processed for the time strictly necessary to fulfil your request, up to delivery, and stored solely for the purpose of protection to prove the correctness of contractual performance within the prescriptive terms.
Regular communications/newsletters and marketing communications	Your personal data will be processed for as long as your consent exists. If you no longer wish to receive newsletters and/or marketing communications, simply request cancellation from the data controller, who will update your consent within 30 days of your request.

Security Information

The Data Controller applies appropriate technical and organisational security measures in order to protect your processed personal data against unauthorised access, collection, use, disclosure, copying, modification or transfer.

Rights of the user concerned

In relation to the processing operations described in this Notice, as a data subject you may, under the conditions laid down in the GDPR, exercise the following rights in particular:

• right of access: the right to obtain confirmation as to whether or not personal data relating to you are being processed and, if so, to obtain access to the data
  
• right to rectification of inaccurate personal data concerning you and/or integration of incomplete personal data;
  
• right to erasure (right to be forgotten)
  
• right of restriction of processing
  
• right to object to the processing of personal data concerning you, unless there are legitimate reasons for the Controller to continue the processing;
  
• right to data portability to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Controller and the right to transmit them to another controller without hindrance, where the processing is based on consent and is carried out by automated means;
  
• lodge a complaint with the Data Protection Authority;
• initiate legal proceedings.

Further information and useful documents can be found at www.garanteprivacy.it.

Please do not hesitate to contact us if any information is not clear to you!

Updated 24/09/2024