INFORMATION ON DATA PROCESSING
PERSONAL DATA OF USERS WHO CONSULT THE WEBSITE OF
FULA S.R.L.
Regulation (EU) 2016/679
WHY THIS INFORMATION
This information is provided pursuant to and for the purposes of articles 12, 13 and 14 of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 relating to the protection of natural persons with regard to the processing of personal data, as well as to the free circulation of such data and which repeals Directive 95/46/EC” (hereinafter the “Regulation” or GDPR).
In particular, this information describes the management methods of the FULA S.R.L. website. in relation to the processing of personal data of users who consult it and of those who interact with web services accessible electronically from the address
https://olayanails.com
This information, therefore, is provided only for the FULA S.R.L. website. and not for other websites that may be consulted by the user via links.
We therefore invite the User to read it and check it carefully periodically, in order to check for any updates or revisions that may become necessary.
DATA OF THE DATA CONTROLLER
The data controller is FULA S.R.L., with registered office in Bari (BA), Via Giovanni Amendola 166/5 – postal code 70126, e-mail address: privacy@olayanails.com, pec address: olaya@messaggipec.it, Tel: + 39 3792504308
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The data protection officer, designated pursuant to and for the purposes of article 37 et seq. of EU Regulation 2016/679, can be contacted by email to be sent to the address: rpd@olayanails.com and/or by registered letter a.r. to be delivered to: FULA S.R.L., Via Giovanni Amendola 166/5 – 70126 Bari (BA), to c.a. of the data protection officer.
TYPE OF PERSONAL DATA, PURPOSE OF THE PROCESSING, LEGAL BASIS AND STORAGE PERIOD
1. NAVIGATION DATA: IP addresses, domain names of computers or terminals used by users, addresses in URI/URL notation of the requested resources and other parameters relating to the operating system and the User's IT environment.
PURPOSE: to allow navigation on the website and for security reasons.
DESCRIPTION OF PURPOSES: to check the correct functioning of the website; ascertain responsibility in case of any computer crimes against the site; ascertain and/or defend and/or protect the rights of the Data Controller.
LEGAL BASIS: The processing is necessary for the pursuit of the legitimate interest of the Data Controller which takes the form of ascertaining and/or defending and/or protecting its rights (art.6, paragraph 1, letter f) of the Regulation).
STORAGE PERIOD: Personal data may be stored for a period of time no longer than is necessary for the purposes for which they were collected and processed.
2. DATA PROVIDED VOLUNTARILY BY USERS IN THE “CONTACTS” SECTION: e-mail address, attached document, data included in the message.
PURPOSE: to process requests for information made by the User.
DESCRIPTION OF PURPOSES: manage user requests through e-mail and/or telephone calls.
LEGAL BASIS: the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (art.6, paragraph 1, letter b) of the Regulation).
STORAGE PERIOD: The data voluntarily provided in this section are stored for the time strictly necessary to process requests for information from the User (and in any case no later than 24 months from the date of receipt of the request).
3. DATA VOLUNTARILY PROVIDED BY THE USER FOR REGISTRATION ON THE WEBSITE AND TO CREATE AN ACCOUNT: e-mail address and password.
PURPOSE: To manage the User's registration and subsequently allow access to the reserved area of the website.
DESCRIPTION OF PURPOSES: to identify and authorize the User who decides to register on the Owner's website.
LEGAL BASIS: the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (art.6, paragraph 1, letter b) of the Regulation).
STORAGE PERIOD: the data provided voluntarily in this section are stored for the time strictly necessary to achieve the purpose and in any case for the period necessary to carry out the requested services.
4. ONLINE PURCHASES: identification data such as name and surname, tax code, VAT number; contact data such as email address, telephone number, delivery address; terms of payment.
PURPOSE: conclusion and executionof the online product purchase contract.
DESCRIPTION OF PURPOSES: management of requests for information on product availability, booking, payment management, invoicing and shipping.
LEGAL BASIS: the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (art.6, paragraph 1, letter b) of the Regulation); the processing is necessary for the pursuit of the legitimate interest of the owner which takes the form of carrying out checks aimed at preventing fraudulent activities through the use of credit cards (art.6, paragraph 1, letter f) of the Regulation); the processing is necessary to fulfill a legal obligation to which the Data Controller is subject (art.6, paragraph 1, letter c) of the Regulation).
STORAGE PERIOD: For the management of pre-contractual activities: until the end of the pre-contractual activities. For the management of contractual activities: 10 years from purchase. For the fulfillment of a legal obligation: 10 years from the end of the contractual relationship.
5. APP REGISTRATION
6. PURPOSE: To register; process orders; execute a commercial transaction; send requests for information by email; join the loyalty program.
DESCRIPTION OF PURPOSES: indicate the products to be purchased, the chosen payment methods, the invoicing data and the place of delivery.
LEGAL BASIS: the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (art.6, paragraph 1, letter b) of the Regulation).
STORAGE PERIOD: The data voluntarily provided in this section are stored for the time strictly necessary to achieve the purpose and in any case for the period necessary to carry out the requested services and to comply with legal obligations.
7. NEWSLETTER: e-mail address.
PURPOSE: sending newsletters to Users who request it.
DESCRIPTION OF THE PURPOSES: sending periodic informative electronic communications regarding promotions and/or initiatives and/or news to those who explicitly request them, completing the appropriate form on the site and authorizing the Data Controller to process their data for the specific purpose: information service to build customer loyalty.
LEGAL BASIS: The interested party expressed consent to the processing of their personal data for the specific purpose when completing and sending the newsletter subscription form (art.6, paragraph 1, letter a) of the Regulation).
STORAGE PERIOD: The data provided for subscribing to the newsletter are stored for the period in which the service is active (maximum 24 months). The User can deactivate the service at any time by clicking on the unsubscribe link.
8. COOKIES: see “Cookie Policy” published on the website of the Data Controller.
TREATMENT METHODS
The data is processed at the registered office of the Data Controller and at the web hosting data center. The web hosting is located in the European Economic Area and acts in compliance with the provisions of the mandatory legislation on the protection of personal data. These data are also processed by the employees of the Data Controller, authorized, instructed and trained (art.29 of the Regulation).
Specific physical, logical and organizational security measures are observed to prevent data loss, illicit or incorrect use, unauthorized access, such as, by way of example and not limited to, being constantly evolving and updated:
- Identification of personnel authorized to process users' personal data, educated and trained;
- Controlled access to the rooms where the data is contained;
- Use of personal and secret credentials by those authorized to digitally process data;
- Adoption of central and peripheral logical security systems, such as updated firewalls and antiviruses;
- Adoption of backup procedures.
NATURE OF THE PROVISION OF DATA
The provision of navigation data is automatic and implicit in Internet transmission protocols; the provision of data relating to the "Contact us" section is voluntary and optional: failure to provide it will make it impossible for the user to request information.
The provision of data voluntarily provided by the User for registration on the website and to create an account is optional; failure to provide it will make it impossible to register and create your own account. Providing the data necessary to make an online purchase is optional; failure to provide it determines the impossibility of making the purchase via theOnline shop. Providing data for receiving the newsletter is optional; failure to provide it determines the impossibility of receiving this information service.
RECIPIENTS OF THE DATA
Third party service providers
Users' personal data may be shared, on behalf of the Owner, with third party service providers who act as data controllers in order to make use of the Site possible. By way of example, such third parties may include professionals and/or companies that they deal with the management or maintenance of the IT infrastructure on which the Site is based (hosting providers, cloud services, IT companies).
Third parties in compliance with a legal obligation or to protect the rights of the Company
The communication of users' personal data may take place to institutions, law enforcement agencies, judicial or public security authorities, as part of a legal proceeding, to fulfill a legal obligation or ascertain and/or defend and/or protect a right.
Third parties acting as independent owners – Payment service providers
Discover
Visa
Afterpay
PayPal
MasterCard
PayPlug
TRANSFER OF DATA TO A THIRD COUNTRY
Without prejudice to the above, the personal data provided by the user may be freely transferred within the EU territory. However, where, for the purposes indicated, the Company needs to transfer your personal data outside the European Union to countries not considered adequate by the European Commission, the Company will adopt the necessary measures to protect your personal data, in compliance with the guarantees by law pursuant to the applicable legislation and in particular articles 45 and 46 of the GDPR.
RIGHTS OF INTERESTED PARTIES
In relation to the data processing described in this information, the interested party may exercise, at any time, the rights provided for by the Regulation in question (articles 15-21), identified below:
receive confirmation of the existence of your personal data and access their content (right of access);
update, modify and/or correct your personal data (right of rectification);
request the cancellation or limitation of the processing of personal data processed in violation of the law including those whose retention is not necessary in relation to the purposes for which the data were collected or otherwise processed (right to be forgotten and right to limitation) , without prejudice to an overriding public interest or a legal obligation of the Company to conserve them;
object to the processing, including profiling (right to object), without prejudice to the existence of an overriding legitimate reason for the Company to continue the processing;
revoke consent, where given;
without prejudice to any other administrative or judicial appeal, the interested party who believes that the processing concerning him or her violates EU Regulation 2016/679 has the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he/she habitually resides, works or the place where the alleged violation occurred. In Italy this supervisory authority is represented by the Guarantor for the protection of personal data (www.garanteprivacy.it);
receive a copy in electronic format of the personal data concerning him, to transfer them to a different service provider, in the cases in which the Company processes such data on the basis of consent or on the basis of the circumstance that the processing is necessary for the provision of the services requested by the interested party and the data are processed through automated tools (right to data portability).
RIGHT TO COMPLAINT - JURISDICTIONAL APPEAL
Interested parties who believe that the processing of personal data relating to them carried out through this Site is in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by the art. 77 of the Regulation itself, or to take action in the appropriate judicial offices (art. 79 of the Regulation).
Methods for exercising rights
To exercise the above rights, the interested party may submit a specific request to the Data Controller by email to the address: e-mail address: privacy@olayanails.com or by registered letter with return receipt. to be delivered to: FULA S.R.L., with registered office in Bari (BA), Via Giovanni Amendola 166/5 – postal code 70126. To exercise the above rights, the interested party may also submit a specific request to the data protection officer personal by email communication to the address: rdp@olayanails.com and/or by registered letter with return receipt. to be delivered to: FULA S.R.L., Via Giovanni Amendola 166/5 – 70126 Bari (BA), to c.a. of the data protection officer.
Social Media
The user who visits the website owned by FULA S.R.L. can connect via hyperlinks to Facebook, YouTube, Instagram. Please note that the user can consult the privacy policy of each of these services on their respective websites. It is also specified that FULA S.R.L. has no responsibility and/or decision-making power on the use and dissemination of personal data on these social media which must be qualified as independent data controllers.