In this section, in accordance with the new European legislation introduced by the EU Regulation 679/2016 and with the Italian legislation (Legislative Decree No. 196/2003), information is provided regarding the processing of the personal data of the Users who consult the pages of the website www.sammaparts.com (hereinafter: "Site") or who use the purchase services made available on it (hereinafter "Users" or "Interested").
The information is provided exclusively for the Site and not for other websites that may be consulted by the user through the links on the Site.
Holder of the treatment
The Data Controller of the personal data of users of the www.sammaparts.com Site is the Società Sammaint Società Cooperativa (from now also the "Company"), VAT number: 05263670878, REA number: CT - 354603, with registered office in Belpasso ( CT), Via Alicudi S.N. Zip Code 95032 Contrada Valcorrente.
E-mail to contact the owner and request the cancellation of your data, if collected, with your consent: email@example.com.
A - Type of data processed
I. Identification data
In accordance with the new European legislation introduced by the EU Regulation 679/2016 and with the Italian legislation (Legislative Decree No. 196/2003), the consultation of the Site and the possible purchase of products sold on the Site, may involve the of data suitable for directly or indirectly identifying a natural person such as: name, surname, residential address, e-mail address, telephone number, IP address.
The Site does not require the interested party to provide so-called data "Particular", or, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the requested service requires the processing of such data, the interested party will receive specific information in advance and will be required to give explicit consent.
II. Banking data
By purchasing the products on the Site, bank details will also be processed, such as card or bank account number indicated to make the payment, card holder and bank account.
These data may be processed exclusively by third-party companies that manage the payment methods used on the site.
We inform you that the Site uses the following payment services, of which reference is made to the respective privacy policies for data processing:
- Paypal: https://www.paypal.com/en/webapps/mpp/ua/privacy-full;
- Prestashop Ceckout: https://www.prestashop.com/en/privacy-policy.
III. Navigation data
The navigation data are data acquired automatically by the systems and programs used to operate the Site and are necessary for the use of web services [eg. IP addresses, browser used, domain names of the systems used by users to connect to the web portal, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment].
These data are acquired even in the absence of registration on the Site or request for information.
The navigation data are used exclusively in an aggregate manner to process anonymous statistics on the consultation of the Site and to check its correct functioning and do not allow the identification of the users concerned, being also deleted immediately after processing in anonymous form.
However, they can be used to ascertain responsibility in case of computer crimes committed against the website.
IV. Data provided voluntarily by the user
The personal data provided voluntarily by the User (such as name, surname, e-mail address) for the purpose of sending messages to the Site and / or purchasing the products made available, are used for the sole purpose of responding to the needs of the interested party. and to comply with legal obligations.
The legal basis of these treatments is the fulfillment of the services related to the requests made and the purchases made, as well as compliance with legal obligations.
The information that the User of the Site will deem to make public through the services and tools made available to it, are provided by the User knowingly and voluntarily, exempting the Site from any liability for any violations of the law.
It is up to the User to verify that they have permission to enter personal data of third parties or content protected by national and international regulations.
V. Data collected through analytical cookies
B - Purpose of the processing
The personal data collected are used for:
- allow the shipment of products purchased by the User;
- obtain anonymous statistical information on the use of the web portal;
- to check the correct functioning of the web portal;
- sending communications and newsletters, both in paper and electronic format, to the e-mail address provided by the user;
- ascertaining responsibility in the event of hypothetical computer crimes against the website;
- compliance with any other legal obligation not included in the previous purposes.
The communication of data can only be carried out following a request by the Judicial Authority within the terms of the law.
C - Legal basis of the processing
I. Performance of a contract
Legal basis for the processing of personal data is the fulfillment of the services inherent to the relationship established with the purchase of products, the signing of the Terms and Conditions, compliance with legal obligations and the legitimate interest of the Site to carry out treatments necessary for these purposes. .
II. Consent of the interested party
The optional, explicit and voluntary sending of e-mails, messages or any type of communications addressed to the addresses indicated on this Site entails the subsequent acquisition of the sender's address, telephone number or any other personal data that will be used to reply. to requests. This processing takes place on the basis of the consent of the interested party.
It is ensured that this treatment will be based on the principles of lawfulness, correctness, transparency, adequacy, relevance and necessity pursuant to art. 5, paragraph 1 of the GDPR. Specific summary information will be progressively reported or displayed on the pages of the sites set up for particular services on request.
III. Fulfillment of legal obligations
The processing of personal data may take place without the consent of the interested party in the event that the Data Controller must fulfill a legal obligation.
IV. Optional supply of data
Apart from what is specified for the fulfillment of the contract or legal obligations, for cookies and navigation data, the user is free to provide their personal data or not. However, failure to provide the data could make it impossible to obtain what the execution of the service is.
D - Methods and duration of the processing
Personal data are processed using IT tools and in compliance with EU Regulation no. 679/2016 and Legislative Decree n. 196/2003.
The retention of the processed data will last for the time necessary for the purposes described in this information and, therefore, for the minimum time necessary or until an explicit request by the interested party and in any case in compliance with the time limits imposed by law.
The Data Controller undertakes to take all appropriate security measures to prevent the loss and alteration of personal data, as well as any illegal and unauthorized use of the same.
The data will be processed exclusively by persons authorized by the Data Controller, including any data processors, representatives and public entities for the fulfillment of the obligations established by law, who carry out their respective processing activities as independent data controllers.
The subjects authorized by the Data Controller who may process the data include, by way of example: commercial and legal department collaborators, as well as third party technical service providers, hosting providers and IT companies (this list is not to be considered mandatory). The data processed will not, however, be disclosed to undetermined recipients.
Finally, the data may also be managed by third-party companies for the shipment of products.
The shipping company relies on the service of the companies:
- GLS corriere espresso (https://gls-group.com/IT/it/privacy-policy);
- DHL express (https://www.dhl.com/it-it/home/footer/local-privacy-notice.html);
- TNT (https://www.tnt.it/contents/privacy-cookie/protezione-dati-pers.html);
- Posta1 Pro (https://www.poste.it/privacy-policy.html).
The security of the information collected cannot be guaranteed from any hacker attacks and, in general, from the violation of the security rules put in place for data protection.
In the event of attacks or violations, however, the same will be communicated to the interested parties and to the competent authorities according to the law.
E - Place of processing
The treatments relating to the services of the web portal are carried out by personnel identified and expressly designated according to the specific purposes of the services requested and signed.
For the treatments in question, the Data Controller may make use of the help of external companies, shippers, consultants, consortia, software suppliers and operating services, through identified and appointed personnel, within the scope of the intended purposes and in order to guarantee maximum security. and data confidentiality. In other cases, the personal data collected will not be disclosed to third parties, without the express consent of the interested party, except in cases where communication to third parties is necessary to fulfill obligations imposed by laws, regulations or provisions of the supervisory authorities, or it is essential to protect the rights of other users or the website itself.
Personal data will be processed and stored, exclusively for the purposes indicated above and to keep and store them securely, on remote servers managed by industry-leading providers that ensure compliance with high standards of protection regarding the processing of personal data.
This could involve the transfer of data to non-EU countries, where all or part of the aforementioned servers may be located.
In particular, personal data may be transferred outside the European Union to the company "PrestaShop S.A" (https://www.prestashop.com/it and https://www.prestashop.com/en/privacy-policy) , plug-in for e-commerce, used by the Site managed by the Owner.
The processing and storage of data by the aforementioned provider will take place in an "adequate" third country pursuant to the decision taken by the European Commission, of which in particular the decision for the adequacy of the protection provided by the Canadian law on the protection of personal information and on electronic documents (Canadian Personal Information Protection and Electronic Documents Act) or Privacy Shield certification (USA), or on the basis of a contractual obligation or standard contractual clauses approved by the European Commission, or binding corporate rules approved through the specific procedure pursuant to art. 47 GDPR.
For the transfer of data to non-EU countries, as a rule, it is not necessary to wait for the national authorization of the Guarantor. However, the authorization of the Guarantor will still be required if a holder wishes to use specific contractual clauses, not recognized as adequate by a decision of the European Commission or administrative agreements entered into between public authorities.
F - Rights of interested parties
In constant treatment, the interested party can exercise, at any time, the following rights:
- obtain confirmation of the existence or otherwise of the same data and, if so, know its content and origin;
- verify its accuracy request the correction of inaccurate data, the integration of incomplete data or the updating of outdated data;
- obtain the limitation of the processing, where one of the hypotheses provided for by article 18 GDPR occurs;
- request the cancellation of data processed in violation of the law, or in the presence of one of the other conditions provided for by article 17, paragraph 1, lett. a), b), c), e) and f) GDPR;
- oppose in any case, for legitimate reasons, to their treatment, or to oppose the treatment in the other cases provided for by article 21, paragraphs 2 and 3 and 22 GDPR;
- revoke at any time their freely given consent to the processing of personal data for the purposes specified below;
- to obtain the release of personal data being processed in a format compatible with standard IT applications, to allow their transfer to other platforms of your choice, without impeding the direct transmission of the data processed to another Data Controller, where such direct transmission is technically feasible (so-called right to data portability).
Requests relating to the exercise of the aforementioned rights must be addressed to the Data Controller via e-mail (firstname.lastname@example.org).
In the event of failure or partial response by the Data Controller to the aforementioned requests, the interested party will have the right to lodge a complaint with the Guarantor for the protection of personal data (www.garanteprivacy.it) or judicial appeal within the terms and in the manner provided for pursuant to articles . 77 and ss. EU Regulation 2016/679 (GDPR).
G - Information updates
Future regulatory updates may lead to the modification of the current information, uploaded on the Site on 02.04.2021.
In the event of a change, the Data Controller will announce it on the Site.