In compliance with the provisions of art. 13 of EU Regulation 2016/679 on the protection of personal data (hereinafter also "GDPR") and subsequent national adaptation legislation, we provide below general information concerning the processing and protection of personal data of users interacting with the services accessible via the address atlanticstars.it (hereinafter also "Website"). Each user is therefore invited to read this privacy policy carefully.
1. Data Controller
The Data Controller (hereinafter also "Controller") is:
AS Srl, VAT number 02531390447, with registered office in Via dell'Industria, 53, 63900 Fermo (FM) - Italy and email address: shop@atlanticstars.it
2. Categories of personal data
What personal data are.
Personal data (hereinafter also "Data") are all information that, directly or indirectly, allow the user (hereinafter also "Data Subject") to be identified as a physical person.
Data provided voluntarily by the user.
Data provided directly by the user are all personal data entered by the user on the Website (e.g., by filling out the contact form; sending emails and/or regular mail to the contact details on the Website; sending unsolicited applications using the contact details on the Website, etc.). Examples of data provided directly by the user are: name, surname, residential/domicile address, email, phone number, payment data, etc. The optional, explicit, and voluntary sending of emails to the addresses indicated on the Website entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other Data included in the message.
In specific cases, Data may have been provided to us by third parties through the use of a function or service activated on the Website, such as, by way of example, through sending a gift card or due to shipping an order to the recipient's address. In such cases, the communicated data are processed only if relevant for the performance of such function or service, as indicated in this Privacy and Cookie Policy.
Browsing data.
The computer systems and software procedures used to operate the Website itself acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by individual users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the Data Subject's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website, as well as to check its correct functioning and are deleted 15 days after processing.
Browsing data could also be used to ascertain responsibility in case of hypothetical cybercrimes against the Website (legitimate interest of the Controller).
Cookies
The Website uses cookies, as better specified in the relevant policy referred to at https://www.atlanticstars.it
Social Network Plugins
This site also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on your favorite social networks. These plugins are programmed not to set any cookies when accessing the page, to safeguard users' privacy. Cookies may be set, if provided for by the social networks, only when the user makes actual and voluntary use of the plugin. Please note that if the user navigates while logged into the social network, they have already consented to the use of cookies conveyed through this site at the time of registration to the social network.
The collection and use of information obtained through the plugin are governed by the respective privacy policies of the social networks, to which users should refer.
3. Purpose and legal basis of processing
Notwithstanding what is specified in relation to navigation data and cookies, the Data Subject's Data are collected and processed for the purposes indicated below.
A) Performance of pre-contractual measures at the request of the data subject, subsequent execution of the contract and related obligations.
· The Data provided by the Data Subject may be processed for purposes strictly connected to the execution of product and/or service purchase orders and the execution of related activities (such as payment management, communications about order status, product delivery, merchandise exchange or returns after purchase and management of related requests, product reservations, use of other functionalities or services available on the Website, including the livechat service). The execution of pre-contractual measures and the subsequent execution of the contract (art. 6, paragraph 1, letter b) of the GDPR) constitute the legal basis for the processing of Data.
We specify that if, at the time of purchasing one of our products through the Website, the user decides to activate the functionality that allows saving payment card data for future purchases (if this function is available), we need to process the indicated data for the activation and provision of this functionality. Consent to the activation of this functionality makes it possible to automatically complete payment data in subsequent purchases, so that they do not have to be entered for each new transaction, and these data will be considered valid and effective for future purchases. It is possible to modify or delete payment card data entered on the Website at any time, both through the payment information section and on the user's registered account on the Website.
· The data provided by the Data Subject may also be processed for the fulfillment of obligations provided for by national or EU law and/or regulations that the Controller is required to observe in providing the requested services and executing the contract. The need to fulfill a legal obligation (art. 6, paragraph 1, letter c) of the GDPR) constitutes the legal basis for the processing.
· Finally, the data provided by the Data Subject may be processed for the purpose of protecting credit positions, exercising the right of defense in court, for ordinary internal organizational-operational, management and accounting needs. The pursuit of a legitimate interest of the Controller (art. 6, paragraph 1, letter f) of the GDPR) constitutes the legal basis of the processing.
B) Registration for access to the reserved area
The Data provided by the Data Subject may be processed for registration and access to the Reserved Area on the Controller's website, which allows access to services reserved for registered users. The performance of the contract (art. 6, paragraph 1, letter b) of the GDPR) and the legitimate interest of the Controller (art. 6, paragraph 1, letter f) of the GDPR) constitute the legal basis for the processing.
C) Job Opportunities (application)
Data provided by users interested in submitting their application for open positions at AS S.r.l. may be processed to evaluate the curriculum vitae submitted, arrange any introductory interviews, and carry out the subsequent evaluation of the application. The processing of Data provided by the data subject is aimed at considering their collaboration proposal (art. 6, paragraph 1, letter f) of the GDPR). Therefore, candidates are invited to include in their curriculum vitae only the Data necessary to evaluate their profile and to refrain from indicating particular data (such as those relating to: membership in trade unions or professional organizations; union positions; political opinions and adherence to parties, unions, associations or organizations of a religious, philosophical, political nature; religious, philosophical or other convictions; ethnic and racial origin; personal data revealing health status and sexual life).
D) Direct marketing
Subject to the user's specific consent, the Data may be processed for sending newsletters, advertising, informative, commercial and promotional material, as well as updates on initiatives, promotions and offers relating to products and services of AS S.r.l., for direct sales purposes, market research and sending invitations to events in which the Controller participates/organizes. Express consent (art. 6, paragraph 1, letter a) of the GDPR) constitutes the legal basis for processing.
E) Third-party marketing
Subject to the user's specific consent, the Data may be communicated to third-party companies, which may process them to send commercial and/or promotional communications about products and services, as well as conduct market research.
Your consent (Art. 6, paragraph 1, letter a) of the GDPR) constitutes the legal basis for processing.
F) Profiling
Subject to the user's specific consent, the Data may be processed for activities of analyzing purchasing choices, detecting the degree of consent on offered products and/or services, consumption habits and propensities, in order to improve the marketing and services offered by the Controller, as well as to satisfy specific customer needs (hereinafter also "Profiling"). Consent (art. 6, paragraph 1, letter a) of the GDPR) constitutes the legal basis for processing.
4. Nature of Data provision and consequences of refusal
Notwithstanding what is indicated in relation to navigation data and cookies, the provision of Data is necessary for the purposes indicated in article 3 letters A) and B). Failure to provide the Data will make it impossible to fulfill the Data Subject's pre-contractual/contractual request and to execute the contract, to access the reserved area, and to provide any requested services.
The provision of your Data for the purpose indicated in art. 3 letter C) is optional. However, any failure to provide the Data by the Data Subject may make it impossible for the Controller to consider and evaluate your collaboration proposal.
Consent to the processing of Data for the purposes indicated above in art. 3 letters D), E) and F) is optional. Failure to consent to processing for the purposes indicated in art. 3 letters D), E) and F) will make it impossible for the Controller to process your data respectively for the direct marketing, third-party marketing, and profiling purposes described above. Failure to consent to processing for the purposes referred to in art. 3 letters D), E) and F) will not, in fact, prevent the execution of pre-contractual measures and the subsequent conclusion and execution of the contract. In any case, even once consent has been given for the purposes referred to in art. 3 letters D), E) and F), the Data Subject may request, at any time, the interruption of processing for these purposes by sending an e-mail to shop@atlanticstars.it or by clicking on the link contained in each e-mail.
5. Processing methods
Personal data are processed with electronic, IT, telematic and/or paper tools, with logic strictly related to the purposes indicated above, in full compliance with current legislation, as well as the principles of lawfulness, transparency, necessity, proportionality and non-excess, and in such a way as to guarantee the confidentiality of users.
Specific security measures are observed to prevent the loss of Data, illicit or incorrect use of the same and unauthorized access.
6. Retention period
The Data will be retained for the purpose of executing pre-contractual measures and the contract and related regulatory compliance (Article 3 letter A) in compliance with the principle of proportionality and non-excess and, in any case, for a period of time no longer than strictly necessary to achieve the purposes for which they were collected, in compliance with the limitation periods provided for by the civil code. The Data will, therefore, be processed for the entire time necessary to manage the purchase of products or the provision of requested services, including any returns, complaints or disputes relating to the purchase of the product or service in question.
Regarding the purpose of registration for access to the Reserved Area of the Site (art. 3 letter B), it should be noted that the user can, at any time, ask to be removed from the list of registered subjects using the "unregister" function available on the Site.
Regarding the purpose of evaluating the collaboration proposal (art. 3 letter C), the processing of Data will not exceed the time necessary for the purposes for which the data were collected and, in any case, not exceed six months from the receipt of the curriculum vitae.
Regarding processing for marketing purposes (art. 3 letter D), your Data will be stored by the Controller for a maximum period of 24 months from the collection of your consent and/or its renewal. You may, however, request, at any time, the interruption of processing for marketing purposes and in that case your Data will no longer be processed for that purpose.
Regarding processing for profiling purposes (art. 3 letter F), your Data will be stored by the Controller for a maximum period of 12 months starting from the collection of consent or its renewal. You may, however, request, at any time, the interruption of processing for Profiling purposes and in that case your Data will no longer be processed for that purpose.
7. Recipients of the data
For the pursuit of the purposes described in this policy, user Data may be processed by employees, assimilated personnel and/or collaborators, as well as partners of the Controller, who operate, as appointed, as persons authorized to process personal data pursuant to art. 29 GDPR.
The personal data communicated by users, customers and suppliers may also be processed, on behalf of AS S.r.l., by third parties duly appointed as Data Processors pursuant to and for the purposes of art. 28 of the GDPR, belonging, by way of example, to the following categories:
a) service providers for the management of the IT system (web hosting);
b) subjects who carry out administrative and/or fiscal compliance;
c) subjects who provide legal and/or tax consulting activities;
d) subjects that the Controller uses for the execution of the contract (e.g., for shipping and delivery of products), the proper fulfillment of contractual obligations assumed as well as obligations deriving from the law;
e) advertising and marketing companies for the promotion of AS S.r.l.'s activity and the products/services offered by it;
f) third-party companies, in relation to third-party marketing purposes, only if you have given specific consent.
The complete and updated list of Data Processors is available upon user request.
Furthermore, the Data may be communicated to judicial authorities and/or police bodies, or to subjects towards whom there is an obligation to communicate under national or EU law and/or regulations.
8. Dissemination of data
Personal data are not subject to dissemination.
9. Data transfer abroad
The Data Subject's Data will not be transferred outside the European Union.
10. Data subject rights
The GDPR grants users, as data subjects, the exercise of specific rights.
In particular, at any time, the data subject has the right:
a) to request and obtain access to personal data, confirmation of their existence or not, and their communication in an intelligible form;
b) to obtain information about the origin of personal data and to verify their accuracy, request their integration and/or updating, or rectification if inaccurate;
c) to request and obtain the erasure of personal data if they are no longer necessary for the purposes for which they were collected and processed, their transformation into anonymous form or the blocking of data processed in violation of the law;
d) to request and obtain the restriction of processing if personal data are inaccurate, no longer necessary for the purposes for which they were collected and processed, or in case of unlawful processing of the same;
e) to object, for legitimate reasons, to the processing of the data itself;
f) to receive the data concerning them, provided to the Controller and processed by automated means, and to transmit them to another data controller, without hindrance from the Controller, as well as, if technically feasible, to obtain the direct transmission of the data from the Controller to whom they were provided to another data controller.
All these rights can be exercised by writing to the Controller's email address indicated above.
The Controller will take charge of the user's request and provide the user, without undue delay, with information regarding the action taken in response to their request.
Any rectification or erasure of data or restriction of processing, carried out at the user's request and unless this proves impossible or involves disproportionate effort, will be communicated by the Controller to each of the recipients to whom the Data has been transmitted.
Pursuant to art. 13, paragraph 2, letter d) of the GDPR, finally, the data subject may exercise their rights by submitting a complaint to the Garante per la protezione dei dati personali (Italian Data Protection Authority), with registered office in 00186 – Rome, Piazza di Montecitorio, 121.
This Policy may be subject to periodic updates.