PRIVACY POLICY E-COMMERCE PLATFORM
Information notice pursuant to Art. 13 Regulation (EU) 2016/679 (GDPR)
WHY THIS INFORMATION
Pursuant to the Regulation (EU) 2016/679 (hereinafter "GDPR"), this page describes how Sent Retail Srl E-commerce platform handles personal data of users for Como Como Como Brand customers. This is an information notice that is provided in accordance with Article 13 GDPR. The information does not apply to other third party websites that may be consulted through links on this website, for which no responsibility is accepted.
Personal data processed
Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is a data subject who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier, or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30 GDPR).
Browsing data
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment.
Data communicated by the interested party
The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the filling in of data collection forms entails the subsequent acquisition of the sender's address, necessary to respond to requests and to finalize your purchases as well as any other personal data entered.
Specific disclosures
Specific disclosures will be present on the pages of the site in relation to particular services or data processing provided.
Cookies. What are cookies? What are cookies used for?
Cookies are small text files that sites visited by users send to their terminals, where they are stored and then transmitted back to the same sites on the next visit. Cookies from so-called "third parties," on the other hand, are set by a website other than the one the user is visiting. This is because on each site there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than that of the site visited. Cookies are used for different purposes: performing computer authentication, session tracking, storing information about specific configurations regarding users accessing the server, storing preferences, etc. For more information about the cookies used by this website, see the cookies policy shown in the footer of the site and at the following link.
1.WHO IS THE DATA CONTROLLER? HOT CAN YOU CONTACT HIM?
The Data Controller is Sent Retail Srl, with registered office in Via Alessandro Volta 70, 22100, Como (CO), Italy, in person of its legal representative. The Data Controller can be contacted at the following address: privacy@sentretail.com
2.DATA PROTECTION OFFICER AND CONTACT DATA
Sent Retail Srl has appointed its Data Protection Officer (DPO/DPO- Data Protection Officer) pursuant to Articles 37, 38 and 39 of the GDPR. The DPO can be contacted at the Data Controller's office listed above and by email: dpo.sent@dpoprofessionalservice.it
3. PURPOSE OF PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD, AND NATURE OF PROVISION OF DATA
| PURPOSE OD PROCESSING | LEGAL BASIS | DATA RETENTION | NATURE OF PROVISION |
|---|---|---|---|
| Navigation on this E-commerce platform | Legitimate interest of the controller: activities strictly necessary for the operation of the platform and the provision of the browsing service. | For the duration of the browsing session. | The provision of navigation data is necessary in order to allow navigation on the web platform. Failure to provide it will result in the inability to navigate the platform. |
| Purchase of products and management of related services. The personal information you provide is necessary to finalize your purchase, to enter your billing and delivery address, and to send you all communications related to your order (including sending you service information related to your shopping cart or order, for the purpose of providing you our assistance) | The processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject (C44) Art. 6 par. 1 lett. b) GDPR | Data are retained for 10 years after the purchase and/or the termination of the contract effects. | The provision of data is necessary to ensure the execution of the contractual and/or pre-contractual obligations of the Data controller towards the data subject, aimed at the finalization of the purchase. |
| Receipt of orders, processing of orders and shipment of products. Personal data provided are processed to execute the purchase and to ensure related services (e.g., billing, entrusting shipping to couriers, sending communications regarding the purchase made such as, for example, order confirmation). | Contractual measures (Art. 6 par. 1(b) GDPR): execution of contractual measures | Data are retained for 10 years after the purchase and/or the termination of the contract effects. | The provision of data is necessary to ensure the performance of the Controller's contractual obligations to the data subject necessary to execute the purchase, billing and shipment of the purchased goods. |
| Dispatch/return policy. Personal data are processed for opening reports or tickets and to handle return requests according to the policies in use, which can be consulted within the e-commerce platform. | Contractual measures (Art. 6 par. 1 (b) GDPR): execution of contractual measures | Data are retained for 10 years after the purchase and/or the termination of the contract effects. | The provision of data is necessary to ensure the performance of the Controller's contractual obligations to the data subject (such as purchase, billing, shipping of goods purchased on the online store and any return requests) |
| Direct marketing, for sending advertising or direct sales material or for carrying out market research, commercial and promotional communication, through automated (newsletters, text messages) and traditional, non-automated tools (paper mail, brochures, operator phone calls). | Consent (C42, C43) Art. 6 (1) (a) GDPR) | Until consent is withdrawn (or opt-out) | The provision is optional. Failure to provide the necessary data will result in the inability to receive direct marketing communications from the Data Controller. |
| Disclosure of data to third parties (Sent Group Companies), for their direct marketing purposes. | Consent (C42, C43) Art. 6 (1) (a) GDPR) | Until consent is revoked (or opted out). Please also refer to the information for the processing of personal data of third parties, who act in this case as autonomous Holders | The provision is optional. If consent is not given, your data will not be transferred to the third party for marketing activities. Such lack of consent will not affect any consent given for other purposes. |
| Prevention and conduct of litigation and other legal issues and for defense in court cases. | Legitimate interest of the data controller (C47-C50) Art. 6 PAR. 1(f) GDPR) | 10 years, unless opposed and subject to the time required for defense in court | The provision of data is necessary, and without it, the legitimate interest of the Data controller indicated cannot be fulfilled. Denial will have to be balanced against the legitimate interest of the Controller indicated in the indicated purpose. |
| Handling of your requests and requests from other data subjects, pursuant to Art. 15 et seq. of the GDPR (rights of the data subject) | Legal obligation to which the data controller is subject (C45.) Art. 6 para. 1(c) GDPR) | 5 years from the closing of the application, barring litigation | The provision of personal data is mandatory, as it is indispensable in order to be able to execute the obligations of the Law. |
4. TO WHOM WILL PERSONAL DATA BE COMMUNICATED?
Personal data will be communicated, according to the purposes envisaged in specific areas, to parties who will process the data as autonomous Data Controllers, or Data Processors (Art. 28 GDPR) and processed by individuals (Art. 29 GDPR) acting under the authority of the Data Controller and Data Processors on the basis of specific instructions given regarding the purposes and methods of processing, for specific purposes according to the area of reference. The data will be communicated to recipients belonging to the following categories:
- Subjects that provide services for the management, maintenance and hosting of the site/platform;
- Subjects that support the data controller in carrying out the direct marketing activity, e.g. the newsletter platform provider;
- Companies and couriers involved in the management of shipping activities;
- Authorities and supervisory and control bodies (e.g. Revenue Agency, Guardia di Finanza).
The list of Data Processors is constantly updated and available by writing to privacy@sentretail.com or at the above telephone number.
5. DOES THE DATA CONTROLLER TRANSFER DATA TO A THIRD COUNTRY AND/OR TO INTERNATIONAL ORGANISATIONS?
6. ARE PERSONAL DATA PROCESSED BY AN AUTOMATED MEAN?
The personal data will be subject to traditional, and electronic processing. Please note that no fully automated decision-making processes are carried out.
7. WHICH ARE YOU RIGHTS? HOW CAN YOU EXERCISE THEM?
You may assert your rights as expressed in Art. 15 et seq. GDPR, by contacting the DPO at e-mail: dpo.sent@dpoprofessionalservice.it or directly the Data Controller at e-mail: privacy@sentretail.com, or at the telephone contact indicated. You have the right, at any time, to request access to your personal data (art.15), rectification (art.16), deletion (art.17), restriction of processing (art.18). The data controller shall notify (Art. 19) each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of processing carried out pursuant to Art. 16, Art. 17(1) and Art. 18. 18. The data controller will notify the data subject of such recipients if the data subject so requests. The data subject also has the right to the portability of his or her data (Art. 20), in which case the data will be provided to him or her in a structured, commonly used and machine-readable format. He or she has the right to object (Art. 21), at any time, to the processing of data based on legitimate interest and, in cases where the legal basis is consent, he or she has the right to revoke the consent given without prejudice to the lawfulness of the processing based on the consent before revocation.
In order to stop receiving automated direct marketing communications (e-mail) you can write an e-mail at any time to privacy@sentretail.com with the subject line "no automated marketing" or use our automatic unsubscribe systems provided for e-mail only. In order to stop receiving traditional direct marketing communications (operator phone calls and paper mail), you can write an e-mail to privacy@sentretail.com with the subject line "no traditional marketing", at any time.
In order to stop receiving any more marketing communications you can write at any time an e-mail to privacy@sentretail.com with the subject line "no marketing".
If you believe that the processing of personal data carried out by the Data Controller occurs in violation of the provisions of Regulation (EU) 2016/679, you have the right to lodge a complaint with the Privacy Guarantor (https://www.garanteprivacy.it/), or to take appropriate legal action.
8. INFORMATION NOTICE AMENDMENTS
The Data Controller reserves the right to amend, update, add or remove parts of this information notice. In order to facilitate the verification and modification of the text, the information notice will contain the date of update.
Date of update: 03/04/2024
