Information in application of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, “GDPR”)
I. Data ownership and types
Pursuant to Article 13 of the GDPR, as data controller, Essedi spa (hereinafter the “Data Controller”), with registered office at Via Tortona 37, 20144 Milan (Italy), informs you that it will collect personal data directly provided by you through the banner displayed on the homepage.
The personal data that you provide are collected and used for the following purposes that are related and instrumental to Essedi's activities:
1. To meet the obligations covered by the contract (purchase of products from, and use of, the services provided by the morato.com e-commerce portal).
Promotional and profiling purposes
2. Following your free consent expressed when you check the appropriate boxes on the forms available on the morato.com portal, the data that you provide may also be processed for the following purposes:
a. Promotional purposes, including commercial communication or the sending of advertising material, or direct sales, market research using traditional contact methods – by post or telephone – or automated contact methods – such as text messages, fax, email or telephone calls without operator. You may withdraw your consent at any time.
b. Profiling, such as identifying your buying habits and tendencies, to better customize the services we provide, to satisfy your needs with advantageous promotions, and to propose new services and products. We pursue this through an automated decision-making process that creates clusters of consumers based on their buying behaviours (frequency, type of items purchased and similar indices).
III. Use and storage
Your data are used by electronic means and stored on electronic media.
IV. Data circulation
Your data may be used by our personnel assigned a specific role (e.g., authorized) for processing and given appropriate instructions, as well as by third-party companies providing services to Essidi and which act as data supervisors under our direction and control.
Moreover, if you agree to processing by checking the option, your data may also be communicated to other web marketing companies for promotional and profiling purposes. For more information on the names of these third-party companies, please contact us at firstname.lastname@example.org
V. Data transfer abroad and disclosure
Due to the international nature of Essedi's activities, data may be transmitted and processed by subjects falling within the categories referred to in point IV above, located within the European Union. Any data transferred to non-EU countries for necessary activities on behalf of Essedi, are subject to specific guarantees protecting personal data through the adoption of ad hoc contractual clauses.
Your personal data will not be disclosed.
During processing, you may exercise the following rights at any time:
✓ obtain confirmation of the existence or otherwise of your data and, if so,
✓ know its content and origin
✓ verify the accuracy of the data, request correction of incorrect data, integration of incomplete data or updating of old data, or
✓ have processing limited, under one of the hypotheses provided for in Article 18 GDPR
✓ request the deletion of data processed in violation of the law, or in the presence of one of the other conditions provided for in Article 17(1)(a), (b), (c), (e) and (f) of the GDPR
✓ oppose data processing for legitimate reasons, or oppose processing in the other cases provided for in Article 21(2), (3) and (22) of the GDPR
✓ revoke your free consent given to the processing of personal data for one or more specific purposes at any time
✓ obtain the release of your personal data in a format compatible with the standard computer applications, in order to allow their transfer to other platforms of your choice, without hindering the direct transmission of the processed data to another Data Controller, where direct transmission is technically feasible (so-called right to data portability)
Requests relating to the exercise of these rights should be sent to the Data Controller at email@example.com
Should the Data Controller fail to or only partially comply with the aforesaid requests, you have the right to complain or report it to the Data Protection Authority under the terms and according to the methods provided by national law.
VII. Payments with Klarna
In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.
VIII. Fraud prevention
In some cases, in order to finalise your purchase, it may be necessary to carry out some additional checks with a view to preventing fraud and, therefore, you may receive communications, also by email from our dedicated account firstname.lastname@example.org, in which we will ask you to send us the authorisation code, a copy of your identity document and the credit card used for the purchase, on which we ask you to obscure the eight central digits. The data collected in this way will be retained for 1 (one) year from the time of their collection for evidentiary purposes, to cooperate with the judicial authorities and to deal with any disputes that may arise in this regard. In this case the legal basis is the contract and the legitimate interest of the Controller. We guarantee that the data collected in this way will be processed in full compliance with the regulations in force for the safeguard and protection of personal data and may have to be shared with third parties who process credit or debit card payments and perform anti-fraud checks, banks, judicial authorities..