E-COMMERCE STATEMENT pursuant to Article 13, Regulation (EU) 2016/679 ("GDPR")
1. DATA CONTROLLER
UMBRAGROUP S.p.A., with registered office at 1 Via V. Baldaccini - Z.I. Loc. Paciana, Foligno (Perugia), in the person of its legal representative pro tempore ANTONELLO MARCUCCI, is the data controller of your personal data (the "Controller" or "UMBRA").
2. DEFINITION OF PERSONAL DATA AND INFORMATION ON THE PROCESSING ACTIVITIES
Pursuant to the GDPR, the term “personal data” means: "any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (the "Data").
This policy statement regards the processing only of the personal data of users of/visitors to the e-commerce section of the umbragroup.com website and those who register for e-commerce. It does NOT regard the processing of personal data concerning the economic transactions connected with online purchases made on the UMBRAGROUP site, which are governed directly by the competent sites than handle such transactions currently via PayPal.
This statement covers the processing of the following types of personal data of the data subjects concerned (users of/visitors to the UMBRAGROUP website):
Data collected automatically
During their normal operation, the IT systems and applications used for the functioning of the UMBRAGROUP detect certain data (the transmission of such data is implicit in the use of the Internet communication protocols) potentially associated with identifiable users. Among the data collected are the IP addresses and domain names of the computers used by the users who contact the website, the URIs (Uniform Resource Identifiers) of the resources requested, the time of the request, the method used to send the request to the server, the size of the file received in response, the numeric code indicating the status of the response given by the server (success, error, etc.), and other parameters concerning the operating system, browser, IT environment used by the user. These data are processed, strictly for the time necessary, for the sole purpose of obtaining statistical information on the website use and to monitor its proper functioning. The provision of these data is obligatory since they are directly connected with the web navigation, as specified in detail in the statement on this type of data processing, published on the website in the dedicated section under the name “privacy policy”.
Cookies
The site uses technical/profiling cookies of first/third parties who might collect user navigation data. The provision of such data is obligatory for the technical cookies in order to make navigation possible, while for profiling and third-party cookies it is optional, and obtained through specific, informed, freely expressed consent. The purpose of the cookies is to analyze the effectiveness of the site and make it more and more simple and intuitive. Detailed information on the processing of the data obtained through the cookies is available in the specific Cookie Policy published on this website in the dedicated section.
Data provided by the data subject (User / visitor)
To manage e-commerce purchases it is necessary to provide certain personal data such as: first and last name/company name, e-mail addresses, password used for registration, personal/company address (country, city, province/state, zip code), tax-related data for invoicing purposes (tax code/VAT no., recipient code (SDI), certified e-mail address, and billing and shipping address(es).
Communication of your personal data is voluntary; however, it is necessary and essential that you provide at least the information marked with an asterisk on the information form, because it is needed in order to finalize the sale and purchase contract and process the order. If you do not provide this necessary information, UMBRA will not be able to supply the goods requested. However, there will be no consequences if non-essential personal data is withheld.
The personal data you transmit to us will be used solely for the specific purposes indicated in Article 3 below.
In any case, UMBRA agrees to ensure that the information collected and used is appropriate for the purposes described, and that its collection does not determine an invasion of your personal privacy.
3. PURPOSES OF THE PROCESSING
The purposes for which personal data are collected and processed within the framework of the site navigation and registration with the e-commerce section of the UMBRAGROUP website are as follows:
a) acceptance and management of the registration of data subjects with the e-commerce section of the Internet website;
b) management of the account created by the data subjects with their registration;
c) acceptance and management of the online purchase requests for products offered for sale;
d) management of the finalized sale and purchase contract and its processing (management of shipping and delivery);
e) management of the activities that are functional, instrumental, and/or complementary to the sale and purchase contract, as well as management of the sales and post-sales support requests that arrive via the specific support e-mail address, the “help desk” web page, or the dedicated phone number;
f) management of the administrative, accounting, and tax-related duties, as well as the statutory legal obligations of the Data Controller resulting from the finalized sale and purchase contract;
g) carrying out of activities intended to improve the company processes, in order to guarantee higher quality and effectiveness standards for the services offered;
h) sending of commercial communications and information to the data subjects about products offered by UMBRAGROUP S.p.A., but only for products similar or complementary to those already purchased by the user/data subject (so-called “soft-spam”);
i) conducting of market research, direct sales (including by telephone), marketing activities, sending of commercial, advertising, promotional material or communications and information on offers also concerning new products offered by UMBRAGROUP S.p.A.;
l)Sending and distribution of company and Group communications (for example: projects of national interest in which Umbra participates and/or which it supports; awards received; events organized or in which it participates; institutional company videos; television or radio segments; press reviews), and sending of promotional or advertising communications, i.e., merely by way of example: information and/or invitations to events organized by UMBRA at the sites of the various Group companies or at third-party facilities, information about and/or invitations to trade fairs and events in which UMBRA participates, promotion of advertising and marketing events, and offers regarding new products or services offered by UMBRA. The promo-advertising communication is customized on the basis of the data subject’s business sector and the interests and preferences expressed when participating in the Controller’s various initiatives; this is in order to avoid undesired mailings and those which, in any case, would be of little interest to the data subject.
The legal bases for the processing of your data may be found, alternatively, in the following:
4. PROCESSING PROCEDURE AND OBLIGATION OF CONFIDENTIALITY
Your data are processed using IT and/or paper-based systems, by parties authorized by the Controller and committed to guaranteeing the confidentiality of the processing, using methods appropriate for the purposes and in any case capable of guaranteeing the security and confidentiality of the data. There will be no dissemination of your data to unspecified parties.
The processing of your personal data, within the limits of the pursuit of the marketing purposes stated in letters i) and l) of Article 3 above, requires the expression of explicit, clear, and freely given consent in accordance with the indications given in the GDPR. If you do not give your consent, this will have no effect on the normal acceptance and management of your requests but will simply prevent the processing of your data for marketing purposes.
5. TRANSFER OF DATA TO EU AND NON-EU PARTIES
UMBRA may transfer some of your data to parties on which it relies for the performance of activities connected with the management of the services provided.
In particular, in order to achieve the purposes described in paragraph 3 above, as an integral part of the processing activities your data may be transferred to outside providers of IT services, as well as to outside consultants who will process your data in their capacity as Processors.
The list of Processors is kept up to date by the Internal Processing Representative, Administration and Finance Manager, and is available for consultation through that office.
Furthermore, the Controller may transfer your data both to parties to which it is bound by law to transmit them, and to the other Group companies located within the European Union, whether subsidiaries or affiliates.
6. STORAGE PERIOD
Your personal data will be kept by UMBRA as follows:
- for the processed data which are necessary for the pursuit of the purposes stated under letters a) through e) and g) through h) of Article 3 above: for a period of 24 months after the data subject’s registration with the e-commerce section if no purchase is made or, in the case of a purchase, after the performance of the last sale and purchase contract;
- for the processed data which are necessary for the pursuit of the purposes stated under letter f) of Article 3 above: for a period of 10 years after the issuing of the sales invoice;
- in relation to the pursuit of the marketing purposes, as indicated under letters i) and l) of Article 3 above: until the date of reception of the data subject’s notification withdrawing their consent.
At the end of said periods, the data will be deleted or rendered anonymous.
In the event a dispute arises in or out of court with the data subject and/or third parties, the data will be processed for the entire duration of the litigation and in any case for as long as is necessary for the Data Controller to fully defend its rights.
7. YOUR RIGHTS AS A DATA SUBJECT
During the period in which UMBRA holds or processes your data, you, as the data subject, may exercise the following rights at any time:
Such requests may be sent to UMBRA using exclusively the following e-mail address: privacy.ugi@umbragroup.com
7. COMPLAINTS
If you wish to lodge a complaint with regard to how UMBRA processes your data, or with regard to the management of a complaint you have lodged, you have the right to do so directly to the supervisory authority.
The Controller