PRIVACY POLICY
Informative statement on the processing of Personal Data
pursuant to Article 13 of EU Regulation 679/2016 (the “Regulation”)
BRECO’S puts privacy and personal protection first, especially with regards to Personal Data.
Therefore, before providing us with any Personal Data, please read this Privacy Policy carefully, as it contains important information on how your Personal Data will be processed and the protection we guarantee to anyone visiting our Website.
This Privacy Policy:
- applies to the Website https://www.brecos1975.com (hereinafter the “Website”);
- is an integral part of our Website and the services we offer;
- is provided pursuant to Article 13 of the Regulation, to those who interact with the Website’s online services, through:
- basic consultation; or
- the use of services provided on the Website (including, without limitation, purchasing a product, creating an account, filling in online information or newsletter subscription forms (to ask for information or to subscribe to our newsletter).
***
SUMMARY:
Introduction
1. Who is the Data Controller?
2. Which Personal Data are subject to the processing?
3. What are the purposes of the processing?
4. What are the legal basis and the nature of the processing?
5. Who are the Recipients of Personal Data?
6. How long will the data be stored for?
7. What are my rights?
8. How is the privacy policy updated?
9. How can I contact the Data Controller?
***
Your Personal Data will be processed in accordance with the principles of fairness, lawfulness, transparency, purpose and storage limitation, minimisation, accuracy, integrity, and confidentiality, as well as the principle of accountability referred to in Article 5 of the Regulation. Therefore, your Personal Data will be processed in accordance with the legislative provisions of the Regulation and the obligations of confidentiality set forth therein.
Specific security measures are implemented to prevent data loss, unlawful or incorrect use of, and unauthorised access to, Personal Data.
Processing of Personal Data shall mean any operation or set of operations performed on Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
In accordance with Article 4(1)(i) of the Regulation, data subjects shall mean any individual who communicates his/her Personal Data.
1. Who is the Data Controller?
ACS S.r.l. con sede in via dei Salici, 245/249 - 47842 San Giovanni in Marignano (RN) - Italy, tax code and registration number in the Companies’ Register of Pordenone 01563680303, is the controller (the “Controller”) and can be contacted via email about this Privacy Policy at any time at
privacy@brecos1975.com.
2. Which Personal Data are subject to the processing?
The Personal Data subject to the processing may include: an identifier such as a name, an identification number, an online identifier (username), or one or more of your physical and physiological traits, location data or any other data provided by you and that is useful for your identification, depending on the type of services requested.
The Personal Data processed through the Website are the following (“
Personal Data”):
You can find more information about cookies
here.
During normal usage, the computer systems and software procedures used to operate the Website collect some Personal Data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated to identified data subjects, but due to its same nature it can, by means of processing and integration with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by the users to connect to the website, URI (
Uniform Resource Identifier) form addresses of the requested resources , the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (done, error, etc.) and other parameters concerning the user's operating system and computer environment. These data are used solely to obtain anonymous statistical information concerning the use of the Website, to check that the Website functions correctly, and to identify malfunctions and/or abuses. In any case they are deleted immediately after being processed. These data may also be used to ascertain liability in case of hypothetical computer crimes to the detriment of the Website or of third parties.
- Data provided by the user
This Privacy Policy also applies to the processing of any data you voluntarily supplied, for example via the various forms you can find on the Website (e.g. to receive newsletters and information from the customer service, to create a new account) or in our stores. Please do not supply any data that fall under the special categories of Personal Data referred to in Article 9 of the Regulation ([…] Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation).
Please note that any Personal Data of third parties you provide while browsing the Website may be processed (e.g. while shopping products to be shipped to third parties). In this case, you shall be considered as an independent data controller and you shall assume all responsibility thereto. With regard to such data, you fully indemnify us against any complaint or claim that the Controller might receive from the third parties whose Personal Data were processed through your use of the Website services. In any case, if you provide or process Personal Data of third parties while using the Website, you hereby guarantee that such third party has given his consent to the processing of his/her Personal Data.
3. What are the purposes of the processing?
With your prior consent, your Personal Data will be processed for the following purposes, if applicable:
3.1 to allow you to browse the Website and enable us to provide our services, including the protection of Website security, as well as our contractual, administrative and accounting relationships;
3.2 to meet your specific requests;
3.3 tto fulfil our legal obligations as requested by the applicable law, by regulations or by the Community legislation, or to meet any request from authorities;
3.4 tto transmit direct marketing communications via email for products similar to those purchased, pursuant to Article 130, paragraph 4 of the Decree Law no. 196/2003 (the “Code”), unless you have indicated that you do not want to receive such communications. You can express your refusal at any time;
3.5 tto send you promotional and marketing communications, including newsletters and market research, by automated (text messages, mms, emails, push notifications, fax) and non-automated means (paper-based mail, phone call with an operator); please note that the Controller acquires just one consent for the aforesaid marketing purposes, pursuant to the General Measure of Personal Data Protection Authority “Guidelines on Marketing and against Spam” dated 4 July 2013. In any case, if you want to object to the processing of your Personal Data for the marketing purposes carried out by said means, you can do so at any time by contacting the Controller, without prejudice to the lawfulness of the processing based on your consent prior to the withdrawal;
3.6 tcommunicate your Personal Data to other companies of the ACS Group in order for them to send their promotional and marketing communications, including newsletters and market research via automated (text messages, mms, email, push notifications, fax) and non-automated means (paper-based mail, phone call with an operator);
3.7 tfor statistical purposes, with the understanding that your Personal Data cannot be traced back to you.
4. What are the legal basis and nature of the processing?
Your Personal Data are processed:
4.1 for the purposes referred to in 3.1 and 3.2, pursuant to Article 6(1)(b) of the Regulation ([…] processing is necessary for the performance of a contract to which the data subject is a party or to adopt precontractual measures at the data subject’s request , since the processing is necessary for the provision of the services. The submission of Personal Data for these purposes is discretionary, but any failure to provide such data will prevent us from providing the services requested.
4.2 for the purposes referred to in 3.3, pursuant to Article 6(1)(c) of the Regulation ([…] processing is necessary for compliance with a legal obligation to which the controller is subject). Once you have provided your Personal Data, the processing is necessary to fulfil the legal obligations binding on the Controller.
4.3 for the marketing and communication purposes referred to in 3.5 and 3.6, after giving your consent pursuant to Article 6(1)(a) of the Regulation ([…] the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes). Providing your Personal Data for these purposes is not mandatory and does not affect the use of services. If you want to object to the processing of your Personal Data for marketing or communication purposes (see 3.5 and 3.6), you can do so at any time by sending an email to
privacy@brecos1975.com.
4.4 for the purposes referred to in 3.4, pursuant to Article 130, paragraph 4 of the Code, the Controller may use the electronic mail information you provided upon purchasing a product without being obliged to request your prior consent, provided that the communications are related to products that are similar to those you purchased and you have not indicated that you do not want to receive such communications.
Finally, we specify that the processing referred to in 3.7 is not linked to Personal Data and therefore can be freely carried out by the Controller.
5. Who are the Recipients of Personal Data?
For the purposes laid down in Article 3 of this Privacy Policy, your Personal Data may be shared with:
5.1 subjects that typically act as processors, pursuant to Article 28 of the Regulation, i.e.: (I) individuals, companies or professional firms that provide assistance and advice to the Controller for accounting, administrative, legal, tax and financial matters; (II) individuals in charge of technical maintenance; (III) credit institutions, companies and insurance brokers;
5.1 subjects, bodies or authorities to whom the communication of your Personal Data is mandatory by virtue of legal provisions or orders of the competent authorities;
5.1 individuals that are authorized by the Controller, pursuant to Article 29 of the Regulation, to process the Personal Data necessary for purposes that are strictly connected to the supply of services. These individuals shall have committed themselves to confidentiality or are under an appropriate legal obligation of confidentiality;
5.1 companies of the Group, for internal administrative purposes;
5.1 companies of the Group, for the purposes referred to in 3.7, with your prior explicit consent (as set out in more detail in point 4).
Such subjects shall be hereinafter collectively referred to as “
Recipients”.
6. How long will the Personal Data be stored for?
The Personal Data processed for the purposes referred to in 3.1 and 3.2 will be stored for the period of time strictly necessary to fulfil such purposes. In any case, being that the processing is necessary to supply the services, the Controller will retain the Personal Data for the period of time provided for and allowed by Italian law in order to protect his own interests (Article 2946 of the Italian Civil Code
et seq.).
The Personal Data processed for the purposes referred to in 3.3 will be stored for the period of time provided for by the specific applicable legal obligation or regulation.
For the purposes referred to in 3.4 your Personal Data will be stored as long as you do not object to the processing.
As for the purposes referred to in 3.5 and 3.6, your Personal Data will be processed for such purposes respectively for a maximum time period of 24 months. In any case, the Controller may store your Personal Data for the period of time provided for and allowed by Italian laws in order to protect his own interests (Article 2947, paragraphs 1 and 3 of the Italian Civil Code).
7. What are my rights?
Pursuant to Chapter III of the Regulation, at any time you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, to obtain information on their content and origin, to verify their accuracy or ask for your personal data to be integrated, updated or rectified. You have the right to ask for the erasure, transformation into anonymous form or blocking of data processed in violation of the law. You also have the right to request access to your Personal Data, to object to the processing, to ask for restriction of processing in the cases provided for by Article 18 of the Regulation, where technically possible, to ask for the erasure of your Personal Data in the cases provided for by Article 17 of the Regulation, as well as to receive Personal Data concerning you in a structured, commonly used format, in the cases provided for by Article 20 of the Regulation.
In any case, you always have the right to lodge a complaint with the Data Protection Supervisor, pursuant to Article 77 of the Regulation, if you considers that the processing of your Personal Data infringes this Regulation.
8. How is the privacy policy updated?
The Controller reserves the right to edit or update this Privacy Policy, in whole or in part, even consequent to any further variation in the applicable legislation. For this reason, please visit this section on a regular basis to be informed in an up-to-date manner on our Privacy Policy. In any case,, we will notify you any future amendments.
9. How can I contact the Controller?
You can contact the Data Controller to exercise your rights or for any other request by writing to the physical address referred to in Article 1 or to the dedicated email address
privacy@brecos1975.com.
Latest update: 01.08.2019