Gruppo Sinergia S.r.l., with registered office in Viale Artigianato, 32 – 37064 Povegliano Veronese (VR), enrolled in the Verona Chamber of Commerce under number VR – 372994, tax code and VAT number 03879570236 (hereinafter also referred to as “the Company”) hereby provides you, as you are about to make a purchase (on your own behalf or on behalf of the Company that you represent), with information on the purposes and methods of processing of the data you have provided and which will be in your possession.
Please only provide your own data (except as specified below in point 3, lett. E of this policy) and/or the data pertaining to the company that you represent.
Purposes and legal basis
The Company will be processing your data:
- A to perform obligations arising from the purchase contract and therefore also for administrative-accounting purposes and for the management of the order. With regard to credit card data, please also refer to what is contained in the website “payment” section; the data processing has the following legal basis: it is necessary for the performance of contractual obligations;
- B to fulfil an obligation imposed by law, regulation or EU legislation; the legal basis of the data processing is: fulfilling a legal obligation;
- C for legitimate interests such as to assert or defend a right of the Company; the legal basis of the data processing is: the pursuit of legitimate interests.
Compulsory provision of data
- The provision of data in the form marked as compulsory (those marked in bold) is necessary for the purposes referred to in point 2, lett. A of this policy and therefore any refusal to provide it in whole or in part may make it impossible for the Company to perform the contract and therefore, for the User, to purchase the products offered. The indication of the product to be purchased and the method of payment is necessary for the User to be able to purchase the product (and therefore, again, for the purposes under point 2, lett. A of this policy) and failure to provide such information will result in the product not being purchased. With regard to shipping data, where they differ from billing data, please see what is set out in point 3, lett. E of this policy. Unless otherwise specified in this policy, the data in the optional fields may be provided voluntarily and failure to do so shall have no consequence other than the data will not be available for use (which data may in any case be useful for achieving the purposes in question).
- The provision of personal details and data necessary to fulfil the purposes referred to in point 2, lett. B and C is necessary and failure to do so will make it impossible to carry out the purchase contract.
- The provision of data concerning credit cards or other payment means is optional; failure to provide such data will make it impossible to complete a payment using those means. However, the provision of at least one payment mean is necessary and failure to provide this information will make it impossible to carry out the purchase.
- The data required when requesting an invoice (such as VAT number and company name or tax code) is optional, but failure to provide such data will make it impossible to issue the invoice with the data indicated, if requested.
- Providing data in relation to alternative shipping addresses is optional, but failure to provide the data in bold will make it impossible to send any material to the address provided. We remind you that for these specific activities, you shall undertake, under your own responsibility, to obtain the consent of the person whose data you indicate so that the Company may send goods to their address, informing them that the data will be disclosed to the Company, which may in turn disclosed them to carriers and forwarding agents, and that the provision of the data is optional, however that failure to provide them will make it impossible to have the goods shipped to the address indicated. You shall therefore undertake to obtain consent to the data disclosure to the Company so that they may be processed for the purposes of managing shipping. Your data will then also be shared with those who receive the goods.
Categories of data recipients
The data may be disclosed by the Company for the purposes referred to in point 2, lett. A of this policy (only disclosing the data that are necessary for the pursuit of each individual purpose) to: banks and operators of payment methods for the management of payments, carriers and forwarding agents for the delivery of goods, companies to which the contracts may be transferred in accordance with the provisions of the purchase contract (in this case, in fact, the contract transfer shall also entail the transfer of data relating to the contract and its performance and management), lawyers and legal consultants, auditing companies where not appointed as data processors. For the purposes of point 2, lett. A and C of this policy, the data may be disclosed (only to the extent that is necessary to pursue such purposes) to judicial authorities, tax police and public security authorities and to public bodies if there is an obligation to do so, as well as to law firms and legal consultants and the post office (which may have access to the address data to be able to send written notices).
For the purposes of point 2, lett. B of this policy, the data may be disclosed (only to the extent that is necessary to pursue such purposes) to judicial authorities, tax police and public security authorities and to public bodies if there is an obligation to do so.
The data may also be disclosed on behalf of the Company to all persons, each in his or her own capacity, delegated by the Company (administrative staff, shipping and enveloping staff, including those external to the Company, website management staff, including those external to the Company, computer technicians responsible for managing information systems who may also act as system administrators, public relations staff, legal staff, members of the Board of Directors and of the Board of Auditors, internal auditors, interns, freelance professionals and consultants-contractors, including those external to the Company, who act under the direct responsibility of the Company, such as, for example, IT technicians who may also perform the functions of system administrator, quality consultants, legal consultants and auditors, collaborators of the data processors) and the data processors appointed by the Company pursuant to Article 28 of the GDPR (e.g. companies-professionals-firms that carry out activities that are instrumental to the Company such as, for example, shipping and enveloping activities or call centres, auditing activities and public relations, IT outsourcing companies, companies that provide assistance in managing sales and the platform). The list of data processors may in any case be obtained by contacting the Data Controller through the contact details provided in point 6 of the policy.
The data will be retained for as long as is necessary to pursue the purposes contained in this policy. The retention period is as follows:
– in relation to legal obligations, regulations and EU legislation, data may be retained for the time periods required by these regulatory sources;
– in relation to contractual obligations, data may be processed until the termination of the relationship and also after its termination for the period determined by Italian and European regulations;
In any case, all data may be retained for a period necessary to enforce or defend a right of the Company under Italian and European law.
Data Controller and Data Protection Officer
The Data Controller is Gruppo Sinergia S.r.l., with registered office in Viale Artigianato, 32 – 37064 Povegliano Veronese (VR), registered with the Verona Chamber of Commerce under number VR – 372994, tax code and VAT number 03879570236, e-mail: firstname.lastname@example.org
We hereby inform you that the GDPR allows the data subject to request to the Company (using the contact details provided above) full access to its personal data and the rectification of such data, the data erasure, a restriction to the data processing, and the right to data portability; the data subject may also object to the processing of its data, again by contacting the Company, and exercise the other rights set forth in Chapter 3, Section 1 of the GDPR, including that of revoking consent, where envisaged: revocation of consent shall not however affect the lawfulness of the processing based on the consent given before revocation.
If you believe that your rights have been violated, you may in any event lodge a complaint with the Italian Data Protection Authority, whose details can be found at www.garanteprivacy.it.
We therefore inform you that the data provided shall be processed using computerised and paper/manual systems, adopting suitable protection systems to safeguard confidentiality. All data shall be stored and processed in a manner that will fully protect confidentiality in compliance with all the regulations in force (and therefore also in accordance with the principles of fairness, lawfulness and transparency and protection of confidentiality and rights) and strictly in the pursuit of the purposes set out in this policy. Only the operations necessary to pursue the purposes set out in this policy shall be carried out on the data. The data shall be stored, as far as the Company is concerned, at its headquarters or server farm and as far as the data processors are concerned, at their headquarters or server farms. Any data disclosed to third parties will be stored and processed by them independently. The data will also be arranged in databases, including computerised databases.
Other information relating to processing by the platform owner
If you have consented to the processing of your data by Pettenon Cosmetics S.p.A. S.B. for profiling purposes, your purchase data may also be accessed by Pettenon Cosmetics S.p.A. S.B. with registered office in via del Palù, 7d, 35018 San Martino di Lupari PD, Tax Code, VAT number and Padua Company Register No. 04937500280, E.A.I. No. PD 430007
Policy updated as of 12/04/2022