Privacy & Cookie Policy
In compliance with the provisions of Article 13 of EU Regulation 2016/679 regarding the protection of personal data (hereinafter also "GDPR") and subsequent national implementing legislation, we provide below general information regarding the processing and protection of personal data of users interacting with services accessible via the address atlanticstars.it (hereinafter also "Website"). Therefore, each user is invited to read this policy carefully.
1. Data Controller
The Data Controller (hereinafter also "Controller") is:
AS Srl, VAT number 02531390447, with registered office in Via dell'Industria, 53, 63900 Fermo (FM) - Italy and e-mail address: shop@atlanticstars.it
2. Categories of personal data
What personal data is.
Personal data (hereinafter also "Data") is all information that, directly or indirectly, allows for the identification of the user (hereinafter also "Data Subject") as a natural person.
Data provided voluntarily by the user.
Data provided directly by the user are all personal data entered by the user on the Website (e.g., by filling out the contact form; sending emails and/or ordinary mail to the contact details on the Website; sending unsolicited applications using the contact details on the Website, etc.). Examples of data provided directly by the user include: name, surname, residential/domicile address, email, telephone number, payment data, etc. The optional, explicit, and voluntary sending of emails to the addresses indicated on the Website entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other Data included in the communication.
In specific cases, Data may have been provided to us by third parties through the use of a function or service activated on the Website, such as, by way of example only, by sending a gift card or due to shipping an order to the recipient's address. In such cases, the communicated data are processed only if they are relevant for the performance of that function or service, as indicated in this Privacy and Cookie Policy.
Navigation data.
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by individual users who connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the Data Subject's IT environment. This data is used solely to obtain anonymous statistical information on the use of the Website, as well as to check its correct functioning and is deleted 15 days after processing.
Navigation data could also be used to ascertain responsibility in case of hypothetical cybercrimes against the Website (legitimate interest of the Controller).
Cookies
The Website uses cookies, as further specified in the relevant policy referred to at https://www.atlanticstars.it
Social Network Plugins
This site also incorporates plugins and/or buttons for social networks, to allow easy sharing of content on your favorite social networks. These plugins are programmed not to set any cookies when accessing the page, to safeguard user privacy. Cookies are eventually set, if provided by the social networks, only when the user actually and voluntarily uses the plugin. Please note that if the user browses while logged into the social network, they have already consented to the use of cookies conveyed through this site at the time of registration to the social network.
The collection and use of information obtained through the plugin are governed by the respective privacy policies of the social networks, which should be consulted.
3. Purpose and legal basis of processing
Without prejudice to what is specified in relation to browsing data and cookies, the Data Subject's Data is collected and processed for the purposes indicated below.
A) Performance of pre-contractual measures at the request of the data subject, subsequent performance of the contract and related fulfilments.
The Data provided by the Data Subject may be processed for purposes strictly connected to the execution of product and/or service purchase orders and the performance of related activities (such as payment management, communications regarding order status, product delivery, merchandise exchange or returns after purchase and management of related requests, product reservations, use of other functionalities or services available on the Website, including the live chat service). The performance of pre-contractual measures and the subsequent performance of the contract (Art. 6, paragraph 1, letter b) of the GDPR) constitute the legal basis for data processing.
We specify that if, at the time of purchasing one of our products through the Website, the user decides to activate the functionality that allows the saving of payment card data for future purchases (if this function is available), we need to process the indicated data for the activation and provision of this functionality. Consent to the activation of this functionality makes it possible to automatically complete payment data in subsequent purchases, so as not to have to enter them for each new transaction, and this data will be considered valid and effective for future purchases. It is possible to modify or delete payment card data entered on the Website at any time, either through the section relating to payment information or on the user's registered account on the Website.
The data provided by the Data Subject may also be processed for the fulfilment of obligations required by law and/or national or EU regulations that the Controller is required to observe in providing the requested services and in executing the contract. The need to comply with a legal obligation (Art. 6, paragraph 1, letter c) of the GDPR) constitutes the legal basis for the processing.
Finally, the data provided by the Data Subject may be processed for the purpose of protecting credit positions, exercising the right of defense in court, for ordinary internal organizational-operational, management, and accounting needs. The pursuit of a legitimate interest of the Controller (Art. 6, paragraph 1, letter f) of the GDPR) constitutes the legal basis for the processing.
B) Registration for access to the reserved area
The Data provided by the Data Subject may be processed for the purpose of registration and access to the Reserved Area on the Controller's website, which allows access to services reserved for registered users. The performance of the contract (Art. 6, paragraph 1, letter b) of the GDPR) and the legitimate interest of the Controller (Art. 6, paragraph 1, letter f) of the GDPR) constitute the legal basis for the processing.
C) Job opportunities (application)
The Data provided by the user interested in submitting their application for open positions at AS S.r.l. may be processed to evaluate the submitted curriculum vitae, schedule any introductory interviews, and carry out the subsequent evaluation of the application. The processing of Data provided by the Data Subject is aimed at considering their collaboration proposal (Art. 6, paragraph 1, letter f) of the GDPR). Therefore, candidates are asked to include in their curriculum vitae only the Data necessary to evaluate their profile and to refrain from indicating special categories of data (these include data relating to: trade union or professional association membership; trade union positions; political opinions and membership in religious, philosophical, political associations or organizations; religious, philosophical or other beliefs; ethnic and racial origin; personal data revealing health status and sexual life).
D) Direct Marketing
Subject to the user's specific consent, the Data may be processed for sending newsletters, advertising, informative, commercial and promotional material, as well as updates on initiatives, promotions and offers related to AS S.r.l. products and services, for direct sales purposes, market research and sending invitations to events in which the Controller participates/organizes. Expressed consent (Art. 6, paragraph 1, letter a) of the GDPR) constitutes the legal basis for processing.
E) Third-party marketing
Subject to the user's specific consent, the Data may be communicated to third-party companies, which may process them to send commercial and/or promotional communications about products and services, as well as to carry out market research.
Your consent (Art. 6, paragraph 1, letter a) of the GDPR) constitutes the legal basis for the processing.
F) Profiling
Subject to the user's specific consent, the Data may be processed for activities of analyzing purchasing choices, detecting the degree of consent on offered products and/or services, consumption habits and propensities, in order to improve the marketing and services offered by the Controller, as well as to satisfy the specific needs of customers (hereinafter also "Profiling"). Consent (Art. 6, paragraph 1, letter a) of the GDPR) constitutes the legal basis for processing.
4. Nature of Data provision and consequences of refusal
Without prejudice to what is indicated in relation to browsing data and cookies, the provision of Data is necessary for the purposes indicated in Article 3 letters A) and B). Failure to provide Data will make it impossible to follow up on the Data Subject's pre-contractual/contractual request and to execute the contract, to access the reserved area, as well as to provide any requested services.
The provision of your Data for the purpose indicated in Article 3 letter C) is optional. However, failure by the Data Subject to provide the Data may make it impossible for the Controller to consider and evaluate your collaboration proposal.
Consent to the processing of Data for the purposes indicated above in Article 3 letters D), E) and F) is optional. Failure to consent to processing for the purposes indicated in Article 3 letters D), E) and F) will make it impossible for the Controller to process your data respectively for the direct marketing, third-party marketing and profiling purposes described above. Failure to consent to processing for the purposes referred to in Article 3 letters D), E) and F) will not, in fact, prevent the performance of pre-contractual measures and the subsequent conclusion and execution of the contract. In any case, even once consent has been given for the purposes referred to in Article 3 letters D), E) and F), the Data Subject may, at any time, request the interruption of processing for such purposes by sending an email to shop@atlanticstars.it or by clicking on the link contained in each email.
5. Processing methods
Personal data is processed using electronic, IT, telecommunication and/or paper tools, with logic strictly related to the purposes indicated above, in full compliance with current legislation, as well as the principles of lawfulness, transparency, necessity, proportionality and non-excess, and in such a way as to guarantee the confidentiality of users.
Specific security measures are observed to prevent the loss of Data, illicit or incorrect use of the same, and unauthorized access.
6. Retention period
Data will be retained for the purpose of executing pre-contractual measures and the contract and related regulatory compliance (Art. 3 letter A) in compliance with the principle of proportionality and non-excess, and in any case, for a period not exceeding what is strictly necessary to achieve the purposes for which they were collected, in compliance with the limitation periods provided for by the civil code. The Data will therefore be processed for the entire time necessary to manage the purchase of products or the provision of requested services, including any returns, complaints, or disputes relating to the purchase of the product or service in question.
Regarding the purpose of registration for access to the Reserved Area of the Website (Art. 3 letter B), please note that the user can, at any time, request to be removed from the list of registered subjects using the "unregister" function available on the Website.
Regarding the purpose of evaluating the collaboration proposal (Art. 3 letter C), the processing of Data will not exceed the time necessary for the purposes for which the data itself was collected and, in any case, not exceeding six months from the receipt of the curriculum vitae.
Regarding processing for marketing purposes (Art. 3 letter D), your Data will be stored by the Controller for a maximum period of 24 months from the collection of your consent and/or its renewal. You may, however, request, at any time, the interruption of processing for marketing purposes and in such case your Data will no longer be processed for that purpose.
Regarding processing for profiling purposes (Art. 3 letter F), your Data will be stored by the Controller for a maximum period of 12 months from the collection of consent or its renewal. You may, however, request, at any time, the interruption of processing for Profiling purposes and in such case your Data will no longer be processed for that purpose.
7. Recipients of the data
For the pursuit of the purposes described in this policy, user Data may be processed by employees, assimilated personnel and/or collaborators, as well as partners of the Controller, who operate, following appointment, as persons authorized to process personal data pursuant to Art. 29 GDPR.
Personal data communicated by users, customers and suppliers may also be processed, on behalf of AS S.r.l., by third parties, duly appointed as Data Processors pursuant to and for the purposes of Art. 28 of the GDPR, belonging, by way of example, to the following categories:
a) service providers for IT system management (web hosting);
b) subjects who handle administrative and/or tax compliance;
c) subjects who provide legal and/or tax consultancy services;
d) subjects used by the Controller for the purpose of executing the contract (e.g., for shipping and delivery of products), the correct fulfillment of contractual obligations assumed as well as obligations deriving from the law;
e) advertising and marketing companies for the promotion of AS S.r.l.'s activities and the products/services offered by it;
f) third-party companies, in relation to third-party marketing purposes, only if you have given specific consent;
The complete and updated list of Data Processors is available upon user request.
Furthermore, Data may be communicated to judicial authorities and/or police bodies, or to subjects towards whom there is a legal obligation to communicate pursuant to law and/or national or EU regulations.
8. Dissemination of data
Personal data is not subject to dissemination.
9. Data transfer abroad
The Data Subject's Data will not be transferred outside the European Union.
10. Rights of the data subject
The GDPR grants users, as data subjects, the exercise of specific rights.
In particular, at any time, the data subject can obtain:
a) to request and obtain access to personal data, confirmation of its existence or non-existence, and its communication in an intelligible form;
b) to obtain information on the origin of personal data and to verify its accuracy, request its integration and/or updating, or rectification if inaccurate;
c) to request and obtain the erasure of personal data if it is no longer necessary for the purposes for which it was collected and processed, its transformation into anonymous form, or the blocking of data processed in violation of the law;
d) to request and obtain the restriction of processing if personal data is inaccurate, no longer necessary for the purposes for which it was collected and processed, or in the case of unlawful processing;
e) to object in any case, for legitimate reasons, to the processing of the data itself;
f) to receive data concerning him/her, provided to the Controller and processed by automated means, and to transmit it to another data controller, without hindrance from the Controller, and, if technically feasible, to obtain the direct transmission of the data from the Controller to whom he/she provided it to another data controller.
All these rights can be exercised by writing to the Controller's email address indicated above.
The Controller will take charge of the user's request and provide the user, without undue delay, with information regarding the action taken regarding their request.
Any corrections or deletions of data or limitations of processing, carried out at the user's request and unless this proves impossible or involves a disproportionate effort, will be communicated by the Controller to each of the subjects to whom the Data has been transmitted.
Finally, pursuant to Art. 13, paragraph 2, letter d) of the GDPR, the data subject may exercise their rights by submitting a complaint to the Garante per la protezione dei dati personali, with registered office in 00186 – Rome, Piazza di Montecitorio, 121.
This Policy may be subject to periodic updates.