Information on the processing of personal data and on website cookies
In compliance with the obligations deriving from Regulation (EU) no. 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the “Regulation” or “GDPR“) and the national legislation in force, RR7 Luxury Gin srls respects and protects the personal data of visitors and users (hereinafter, the “Interested“) of the website www.rr7luxurygin.com (hereinafter, the “Website ”).
This document provides information on the processing of personal data collected by RR7 Luxury Gin srls through the Website and, therefore, constitutes information to the interested parties pursuant to the aforementioned legislation and does not apply to personal data collected by RR7 Luxury Gin srls through channels other than the Website.
According to the provisions of the Regulation, the processing of personal data of the interested parties is carried out in compliance with the principles of correctness, lawfulness, transparency and protection of confidentiality.
The Internet site contains links to other Internet sites: this information does not concern these other Internet sites, which may be consulted by the interested parties through specific links. These websites may contain information on the processing of personal data which differs, in whole or in part, from this information. RR7 Luxury Gin srls therefore invites interested parties to carefully read the privacy policies of each other site to which they connect, especially before entering any personal information.
2. Identity and contact details of the data controller
The data controller is RR7 Luxury Gin srls (hereinafter, “RR7 Luxury Gin srls” or the “Data Controller“), VAT number 12663310964, with registered office in Milan, Via Norico 1 (tel: +39 3347554692; email firstname.lastname@example.org; PEC email@example.com).
3. Types of data processed through the Website
The Data Controller, via the Website, may process the following data:
Data collected automatically – traffic and navigation data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the type of browser, the name of the Internet Service Provider, the addresses in URI/URL notation (Uniform Resource Identifier/ Locator) of the requested resources, the date and time of visit to the Internet site, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success , error, etc.), the web page of the user’s origin and the exit page and other parameters relating to the user’s operating system and IT environment.
Data communicated by the interested parties
The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller, as well as the compilation and forwarding of the contact forms on the Website, involve the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in the communications.
In particular, the Data Controller may process the following categories of data of the interested parties:
– personal data: by way of example and not limited to, name, surname, company name, address or registered office, domicile, VAT number, tax code, date of birth;
– contact details: by way of example only, telephone number, e-mail address, contact on social networks and/or other communication services;
– bank details: such as IBAN, current account details, credit card and/or prepaid card details indicated and/or used by the interested party); it should be noted that these data are also acquired by the payment service provider who will act as an independent data controller;
– any other data provided by the interested party necessary and/or connected to the execution of the services provided by the Data Controller.
In any case, the interested parties are required to provide truthful and accurate data and to promptly inform the Data Controller of any subsequent changes.”
4. Cookies and other tracking systems
5. Purpose and legal basis of the processing
The Data Controller processes traffic and navigation data for the following purposes:
(a) operate, administer and improve the Website; check the correct functioning of the services offered;
(b) fulfill the obligations established by law and/or by regulations and/or by orders of the Judicial Authority;
(c) prevent and/or detect fraudulent and/or harmful activities for the Website;
(d) carry out analyzes for technical and/or commercial purposes; obtain statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.).
The processing of such data is necessary to be able to browse the Website.
The Data Controller processes the data communicated by the interested parties for the following purposes:
(e) execute the sales contracts;
(f) respond to requests for assistance and, in general, to any question and/or request made by users;
(g) send users administrative and/or technical support emails (by way of example, technical notes, reminders, updates…);
(h) send by post and/or email newsletters, commercial communications and/or advertising material on products and/or services offered by the Data Controller.
The processing of data communicated by the interested parties for the purposes indicated above requires the consent of the interested parties. This consent is always optional but, failing that, RR7 Luxury Gin srls will not be able to process the data collected for the aforementioned purposes”.
6. Data communication
The personal data collected may be communicated to supervisory bodies, judicial authorities as well as to all subjects to whom the communication is mandatory by law and/or necessary for the accomplishment of the purposes described above.
7. Personal data processing methods and retention period
The collected data can be subjected to both paper and electronic and/or automated processing.
In any case, the Data Controller will process the personal data collected for the time necessary to fulfill the purposes referred to in this information and, in any case, for a period not exceeding what is required by current legislation (including tax legislation).
8. Possible transfer of personal data
The management and storage of data will take place on servers located within the European Union of the Data Controller and/or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy.
In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.
9. Security measures
The Data Controller processes the data of the interested parties in a lawful and correct manner, adopting the appropriate security measures aimed at preventing unauthorized access, disclosure, modification or unauthorized destruction of the data, as well as unlawful use of the data.
The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated, and the data is stored and stored in secure structures with access restrictions and personnel verification.
Access to information is strictly limited to authorized personnel.
The Website is constantly monitored to check for any security breaches.
In addition to the Data Controller, in some cases, categories of persons involved in the organization of the Website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies), which will act on the basis of the specific instructions provided by the Data Controller.
In any case, the Data Controller invites the interested parties to adopt suitable protections and/or precautions against unauthorized access to their private area and/or to their computer.
10. Rights of data subjects
In accordance with the provisions of Chapter III of the GDPR, the interested parties may exercise the rights provided therein at any time and in particular:
Right of access: obtain confirmation from the Data Controller whether or not Personal Data is being processed and, if so, receive information about the purposes of the processing, the categories of Data involved, the recipients or categories of recipients to whom the Personal Data are or will be communicated, the retention period of the Personal Data or the criteria for determining this period (art. 15, GDPR);
Right of rectification: obtain from the Data Controller, without unjustified delay, the rectification of inaccurate Personal Data and the integration of incomplete Personal Data also providing a supplementary declaration (art. 16, GDPR);< /p>
Right to cancellation: obtain from the Data Controller, without unjustified delay, the cancellation of Personal Data, in the cases provided for by the GDPR (so-called “Right to be forgotten” – art. 17, GDPR);< /p>
Right of limitation: obtain from the Data Controller the limitation of the treatment, in the cases provided for by the GDPR (art. 18, GDPR);
Right to portability: receive from the Data Controller in a structured format, commonly used and readable by an automatic device, the Personal Data concerning them provided to the data controller and request to transmit them directly, or for by means of the data controller, if technically feasible, to another data controller (so-called “Right to data portability” – art. 20 GDPR);
Right to object: oppose, in the event of the occurrence of particular situations that concern them, the processing of Personal Data as well as the processing of Personal Data for direct marketing purposes (art. 21 GDPR).</ p>
The specific request can be presented by contacting RR7 Luxury Gin srls at any time by post at the address: RR7 Luxury Gin srls Via Norico 1, 20138 Milan; by e-mail at firstname.lastname@example.org, by certified e-mail at email@example.com.
With the same methods, the consent expressed in reference to this information can be revoked at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
Any communications and actions undertaken by RR7 Luxury Gin srls in relation to the exercise of the rights listed below will be carried out free of charge, except for the cases provided for by art. 12, paragraph 5, of the GDPR.
Interested parties can also contact RR7 Luxury Gin srls on the telephone number +39 3347554692 in case they need information and/or clarifications regarding the processing of personal data carried out through the Website.
11. Right to complain
Interested parties who believe that the processing of personal data referring to them carried out through the Website is in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the Regulation itself, or to take the appropriate judicial offices (art. 79 of the Regulation).
12. Protection of minors
The Data Controller does not allow minors under the age of 16 to use its services and, therefore, does not intentionally collect information relating to them. Should it become aware that it has collected data relating to persons under the age of 16, in the absence of demonstrable parental consent, it will delete such data as soon as possible.
Should the Data Controller make any significant changes to this document, he will inform the interested parties through the means he deems most suitable for the purpose (such as, by way of example and not exhaustively, the publication on the home page of the Website and/or sending a newsletter to the email address provided by the interested parties).
This information was updated on May 25, 2018.