pursuant to Article 13 of Regulation (EU) 679/2016
General Data Protection Regulation
With this note, Excelsior Milano S.r.l., with registered office in Mestre (Venice), via Maderna no. 11, VAT and fiscal code 04391470277 (hereinafter “Excelsior”), intends to inform users visiting the website "www.excelsiormilano.com" (hereinafter the "Website") of the Policy adopted regarding Personal Data Protection, emphasizing its commitment and focus on protecting the privacy of the visitors to the Website.
Visitors may browse the Website freely and are not obliged to register, except in certain areas of the same, in which the user can freely and expressly provide a series of personal data in order to access specific services. Therefore, where the user intends to provide his personal data in order to access those additional services, he will be expressly informed (pursuant to Article 13 of Regulation (EU) 679/2016 - “General Data Protection Regulation”), of the purposes and methods for and with which the data will be used by Excelsior, as well as of the right to request, at any time, that the data provided are erased or updated.
Information on personal data protection
Excelsior hereby provides the following information, pursuant to the Regulation (EU) 679/2016 - “General Data Protection Regulation” (hereinafter the “GDPR”).
1. Data Controller and Supervisor
The Data Controller of the personal data is Excelsior Milano S.r.l., with legal office in Mestre (Venice), via Maderna 11, postcode 30174, VAT and fiscal code 04391470277 (hereinafter “Excelsior”).
You may request a full list of the Data Processors, by writing to the addresses indicated at point 10.
2. Types of personal data processed
You do not need to be registered to access the Website. However, some sections in the Website do require you to register, or use a username and password (e.g. to complete the on-line purchasing process). There are also certain services for which you must provide your data should you wish to use them (e.g. your data may be required if you wish to access the Newsletter services, contact us, etc.).
With reference to the data related to the user’s browsing within the Website, please see also point 7 below regarding the Profiling tools used by the Website.
3. Purposes and legal basis for processing
The data are collected and processed for purposes strictly related to the usage of the Website and its services. The specific purposes for processing are described in detail in the specific privacy notices provided by the Website in all cases of data collection. Please read carefully the privacy notices which from time to time illustrate the characteristics of the processing that will be carried out by Excelsior (e.g. to register to the Website, to subscribe to the Newsletter, etc.).
The processing of your data will be carried out in full compliance with the privacy regulation
4. Optional nature of the user’s decision to provide personal data
The user can provide the personal data at his/her own discretion. Only in certain cases, failure to confer the data can prevent the user from accessing specific services and obtaining what requested (e.g. registration is required to proceed and purchase products online).
Failing to provide the data may prevent Excelsior from allowing access to the Website services or to answer to the users’ requests.
The mandatory data are identified in the form for data collection present in the Website - i.e. marking them with an asterisk (*) - and the consequences of the failure to provide data are described in the specific privacy notices present on the data collection pages.
5. Data processing procedures and communication of data
The data can be processed both electronically and in paper form. Excelsior guarantees that the personal data provided will be processed lawfully and correctly, in full compliance with the legislation in force, and will maintain the strictest confidentiality of the same. All the information collected is sent via a protected connection to prevent it from being intercepted by third parties. The safety of the Website is guaranteed and certified by a leading company in the provision of services regarding Internet security.
Data will not be communicated or disseminated to third parties except within the limits and under the conditions expressly indicated in the information notices provided to the user from time to time on the Website, and only upon receipt of authorization from the same (e.g. to the companies providing the shipment of the products). The data will be processed by personnel expressly authorized to manage the Website from the Marketing Department.
For solely organizational and functional needs, we have appointed some service providers necessary for the management of the Website as external data processor for the users’ personal data for purposes strictly connected and related to the provision of services. A complete list of external processors can be required by contacting firstname.lastname@example.org.
6. Link to other sites
7. “Profiling” and/or customization tools
Excelsior does not carry out any promotional communication and/or advertising activities without the user’s prior explicit consent.
The Website uses both technical (aimed at enabling browsing and Website usage) and profiling (aimed at analyzing the users, their behavior and their preferences and to provide customized advertising) “cookies”.
8. Location of data processing
The data related to the services provided by the Website are processed at Excelsior’s registered office indicated at point 1 above by the persons in charge of the processing of the Marketing Department. Data may also come to the knowledge of the people in charge of the processing appointed as external Data Processor pursuant to art. 28 of the GDPR.
9. Storage period:
Your data will be processed for the period indicated in the specific privacy notices provided at the moment of collection (e.g. registration to the website, usage of “Contact us” service, etc.). Please click here for further details
10. Rights of the interested parties
By using the form available in the “Contact Us” section of the Website you may at any time exercise the rights [LINK 5] provided for by articles 15 to 22 of the GDPR, such as requesting information on which data we are processing, in which manner and for which purpose we are using them, amending the data you have provided us or erasing them, asking us to limit use of your data, and requesting receipt or transmission of your data to another data controller in a structured, commonly used and machine-readable format.
You may at any time object to processing of personal data concerning you for marketing or preferences analysis purposes.
11. Complaint before the Data Protection Authority
Should you consider the processing of your data infringes the GDPR, you may in any event lodge a complaint before the Italian Data Protection Authority (www.garanteprivacy.it), or to the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.
12. Data Protection Officer
You can contact the Data Protection Officer appointed by Excelsior Milano S.r.l. pursuant to art. 37 of the GDPR using the following contact: email@example.com.
13. Applicable Law
14.Right to review
The integral text of Legislative Regulation (EU) 679/2016 - “General Data Protection Regulation” can be consulted on the Website of the Italian Data Protection Authority www.garanteprivacy.it/.
Should Excelsior collect information and personal data about users, it will inform the same in advance, pursuant to Art.13 of GDPR, of the purposes for which said data are required and of the means of the processing. If necessary, Excelsior will require the user’s specific consent for the relative processing of the data (for example, personal data - such as the user’s name and surname, telephone number, email address and other information that the user consents to provide - may be requested to enable the user to access the services of the Website) Excelsior will only use the personal data collected on-line for the purposes indicated during the registration process.
The data related to the user’s connections and browsing on the Website (such as the URI-Uniform Resource Identifier addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment) are only collected for the purpose of gathering anonymous statistical information about the use of the Website and its correct functioning; such data are erased immediately after the processing.
Data may be used to verify any responsibility in the case of alleged IT crimes damaging the Website: with the exclusion of such hypothesis, data are erased after the period of time required to provide the services of the Website.
With reference to the data related to the user’s browsing within the Website, please see also point 7 regarding the Profiling tools used by the Website.
The legal basis for processing your data will be:
- the execution of a contractual relationship pursuant to Article 6(1)(b) of the GDPR as regard the management of the services provided by the Website and to answer to your requests;
- your consent pursuant to Article 6(1)(a) of the GDPR, as regard our marketing and analysis activities.
In any case, the data will be processed in compliance with the legislation in force - and any further amendment and/or addition - enacted by the Italian Data Protection Authority (including Guidelines on Marketing and against Spam - 4 July 2013 and Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014).
The data collected through the “Contact Us” section of the Website will be processed for the time necessary to duly handle your request and thereafter will be destroyed.
If you decide to create your account by registering to the Website, your data will be processed as long as your account stays active. You may close your account at any time and your request will be processed immediately.
The data processed in order to send you commercial communications, offers, news and events will be kept until your request for cancellation.
Articles 15 to 22 of the GDPR recognise specific rights, such as:
- obtaining confirmation as to whether or not personal data concerning you is being processed
- obtaining access to your personal data and to the information set out in Article 15 of the Regulation;
- obtaining the rectification of the inaccurate personal data that concern you without undue delay or the supplementing of incomplete personal data;
- obtaining the erasure of the personal data that concern you without undue delay;
- obtaining the restriction of processing the personal data that concern you;
- being informed of any rectifications or erasures or restrictions of processing in relation to the personal data that concern you;
- receiving in a structured, commonly used and machine-readable format the personal data that concern you;
- objecting at any time, on grounds associated with your specific situation, to the processing of the personal data that concern you.
The above is without prejudice to your right to withdraw at any time whatsoever consent to data processing you might have granted and to object to our analysis and marketing activities.