LEGAL NOTES
Privacy Policy
Thank you for visiting our online shop and for your interest in our products. Here at Carlo Piombo, we want you to enjoy using our website without having to worry about the privacy of your personal information. Therefore, transparency concerning the use of our customers’ data is a priority for us. We would now like to outline which personal data we collect and for which purposes. We also summarise your rights in respect of personal information.
Art. 4 (1) GDPR defines ‘personal data’ as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Contents
- General Information
- Name and address of the controller
- Data Processing Procedures
- Provision of the website
- Use of cookies
III. Data processing when using our online shop
- Newsletter
- Contact form, telephone and e-mail address
- Rights of the Data Subject
- Miscellaneous
- Scope of your obligation to provide data to us
- Forwarding to third parties
III. Version
Brief Overview
We take data protection extremely seriously, particularly where the collection, use and processing of personal data collected in the course of your use of the Carlo Piombo is concerned.
Valid from May 25, 2018
- Important contact details for the controller: (see below A I)
- Categories of Data
We process the following categories of personal information:
– transaction details of purchases made through the Carlo Piombo Website,
– communication data collected during the use of online forms, e-mail and/or telephone,
– technical specifications of your devices collected when you visit our website,
– pseudonymised data collected by web analysis tools
In some places, this data is directly available (e.g. in the course of your purchase transaction) and in others it is collected automatically (e.g. when you visit our online shop).
- Purpose of Processing
We process your data specifically in order to provide the services linked with purchases made through our Carlo Piombo Website, as well as for the purposes of analysis with the aim of continuously improving and adjusting our services to facilitate the best possible shopping experience.
- Legal Basis
Your data is required in order to fulfil purchase contracts concluded via the Carlo Piombo Website and in pursuit of our legitimate interests.
Where consent is required by law, we request that you provide such consent.
- Categories of recipients of your data
In addition to the controller, external service providers who support us in the performance of our services may, under certain circumstances, have access to certain types of personal information. Your data is not currently processed outside the EU.
- Duration of data storage
In principle, we process and store your data for the duration of our contractual relationship and to attain the objectives connected with the processing in each case. Where required by the law, certain personal information is also stored for a longer period.
- Your data protection rights, in particular the right to object (C. below)
Under certain circumstances, you are entitled to assert data protection rights against us. We would like in particular to draw your attention to your right to object: where certain grounds are given relating to your particular situation, you have the right to object to the processing of your data if the lawfulness of the processing is based on overriding legitimate interests or if the data processing relates to profiling or direct advertising. As a rule, if you have objected, we will no longer process your data.
- GENERAL INFORMATION
- Name and address of the controller
For the purposes of the General Data Protection Regulation, the national data protection laws in the EU Member States and other data protection provisions, the controller of the Carlo Piombo Website is:
CARLO PIOMBO SRLS
Via Helvetia 29
17019 Varazze (SV)Cod SDI: W7YVJK9
Partit Iva (e codice fiscale) 0189 524 0099
- PROVISION OF THE WEBSITE
- Description and Scope of Data Processing
Where you use our website for purely informative purposes, that is, if you do not register with us or otherwise submit information, we collect only the personal information transmitted to our server by your browser when you visit our website:
- IP-address (in anonymised, abbreviated form if applicable)
- date and time of access,
- time zone difference from Greenwich Mean Time (GMT),
- content of the request (specific page),
- access status/HTTP-status code,
- volume of data transmitted,
- website from which the request originated,
- browser type,
- operating system and interface,
- language and version of browser software.
This data is also stored in our system logfiles. The data is not at any time stored together with other personal information. The anonymous data of the server-logfiles is stored separately from all personal information submitted by a data subject.
- a) Third-party hosting services
In the course of order processing, a third-party service provider renders hosting services and services relating to the display of the website. This serves to safeguard our overriding legitimate interest in the correct display of our website. All data collected during the use of this website or submitted in the forms provided in the online shop as described below, are processed on its servers. Processing on other servers takes place only as described herein. The third-party service provider is based in an EU or EEA Member State.
- Legal Basis for Data Processing
The legal basis for the temporary storage of the data is Art. 6 (1) lit. f GDPR.
- Purpose of Data Processing
When you view our website, we collect the data stated in section 1. which is required for technical purposes in order to display our website correctly and to guarantee the stability and security of the system. Data is stored in logfiles in order to ensure the functionality of the website. In addition, this data helps us to optimise the website and to ensure the security of our IT-systems. These purposes also establish our legitimate interest in the data processing pursuant to Art. 6(1) lit. f GDPR.
- Duration of Data Storage
The data is deleted as soon as it is no longer required for the attainment of the purpose for which it was collected. In the case of the collection of data required in order to correctly display the website, this is the case if the session has ended, i.e. when you leave our website.
- Right to Object and Right to Have Data Removed or Deleted
The recording of data for the provision of the website and the storage of data in logfiles is vital for the operation of the Internet site. Therefore, there is no option for the user to object to this.
- Cookies
- Description and scope of data processing
We hope to make our services as individualised as possible in future and are constantly striving to improve our services, in order to provide interesting information and an enjoyable shopping experience. To this end, we sometimes use cookies. Cookies are small text files stored on your hard drive and allocated to your browser through which certain information is transmitted to the party that installed the cookie (in this case, us). This kind of cookie contains a unique series of characters that allows the browser to be unequivocally recognised the next time you visit the website. Cookies cannot run programmes or transmit viruses to your computer. We use cookies in order to make our website more user-friendly. Cookies can be disabled in the browser settings. However, please note that certain cookies are required in order to use all of the functions provided on our website.
We use both session-cookies, which are used only for the duration of a single online visit, as well as those that are used for longer. Longer-term cookies are used to enable us to provide customers with relevant settings in the Carlo Piombo Website that appear every time you use the site, such as individually tailored information to increase ease of use and to present offers based on your previous shopping activities.
We use the following types of cookies, the scope and function of which is explained below:
- Transient cookies (e.g. Session Cookies) (see a)
- Persistent cookies (see b).
- a) Transient Cookies
As a rule, transient cookies – which include, in particular, “session cookies” – are automatically deleted when you close the browser or the session has expired. These cookies store a session-ID, which is used to allocate various requests from your browser to the same session. This allows your device to be recognised the next time you visit our website. Session cookies are generally deleted when you log out or close the browser window. Session cookies store and transmit the following data:
- Language settings
- Log-in information
- Visitor-ID
- Time stamp with start and finish time of the current session.
- b) Persistent Cookies
Persistent cookies are automatically deleted after a specified period, which differs from one cookie to another. You can delete or disable cookies in the security settings of your browser at any time. Data is collected and stored to facilitate the proper display and optimisation of our website; based on this data, user profiles are created using pseudonyms. However, user profiles are never combined with data relating to the bearer of the pseudonym without the explicit consent of the user. When they access the website, visitors are informed of the use of cookies for analysis purposes and referred to this Privacy Policy.
- a) Social Media Cookies
This website features social media plug-ins to allow users to recommend and share articles on social media, such as Facebook, Instagram, Twitter and Pinterest. We use a two-phase procedure; data intended for third parties is transmitted only when you, the website visitor, click on one of the icons displayed in the social media bar. Carlo Piombo has no influence over or access to the cookies used by Facebook, Twitter, etc.
- b) Web Analysis
If you consented to this pursuant to Art. 6(1) sentence 1 lit. a GDPR, this website uses Google (Universal) Analytics, a web analysis service provided by Google LLC (www.google.de). Google (Universal) Analytics uses various methods that allow it to analyse your use of the website, such as, for example, cookies. The automatically collected information on your use of this website is as a rule transmitted to our Google server in the USA, where it is then stored. As a result of the activation of IP-anonymisation on this website, the IP-address is abbreviated prior to transmission within the member states of the European Union and in EEA states. Only in exceptional cases is the full IP-address transmitted to a Google server in the USA and abbreviated there. The anonymized IP address transmitted by your browser in the course of Google Analytics is as a rule not combined with other data held by Google. Where the intended purpose ceases to apply and when our use of Google Analytics comes to an end, the data collected in this connection will be deleted.
Google LLC is headquartered in the USA and certified under the EU-US-Privacy Shield. Click here to view the current certificate. Based on this agreement between the USA and the European Commission, the latter has verified that companies certified under the Privacy Shield Programme have an appropriate level of data protection.
You can withdraw your consent at any time by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de . This prevents the recording of the information created by the cookie relating to your use of the website (including your IP-address), as well as the processing of this data by Google.
Alternatively, click here to prevent Google Analytics from recording any data on this website in future. This installs an opt-out cookie on your device. If you delete cookies, you will be asked to provide consent again.
- c) Facebook Custom Audiences
Our website uses Facebook Website Custom Audiences. To this end, Facebook Pixel is integrated into our website. Facebook pixel is Javascript Code. The pixel generates a checksum (hash value) from your user data which is submitted to Facebook, e.g. browser information. If it is installed, the Facebook Cookie is also activated and your Facebook-ID is transmitted. If you have a Facebook profile and log in to your Facebook account, the data transmitted by the pixel allows individualised advertising for Carlo Piombo products and offers to be displayed. Facebook rejects unused the data of users who do not have a Facebook profile. For further information on the purpose and scope of the data collection, as well as the further processing and use of the data by Facebook and privacy settings, please visit Facebook’s privacy policy at https://de-de.facebook.com/privacy/explanation.
If you do not wish the relevant data to be collected, you can object using the following link and disable data collection: https://de-de.facebook.com/help/769828729705201/
- Legal Basis for the Data Processing
The legal basis for the processing of data through the use of cookies is Art. 6 (1) lit. f GDPR.
- Purpose of the Data Processing
Transient cookies are used in order to make our website simpler to use for the individual user. Some functions on our Internet site cannot be provided without using cookies. For these pages, the browser needs to be recognised even when the user switches between different pages. Therefore, transient cookies are used to ensure the basket function works, to record language settings and to recognise search terms.
Persistent analysis cookies are used in order to improve the quality of our website and its content. The analysis cookies tell us how the website is used, thus enabling us to constantly improve our offering.
Without your consent, analysis data is collected only in anonymised or pseudonymised form. We are then unable to personally identify you. These purposes establish our legitimate interest in the processing of personal information pursuant to Art. 6 (1) lit. f GDPR.
- Duration of Storage, Right to Object and Option to Have Data Removed
Cookies are stored on your computer, from where they transmit information to our website. As such, you, the user, have full control over the use of cookies. You can restrict or disable cookies via your Internet browser settings. Existing cookies can be deleted at any time. Such deletion can also be automated. Please note that you can configure your browser settings such that you are notified of the installation of cookies and can decide on a case-by-case basis whether to accept them or to disable cookies for certain cases or across the board. Every browser is different in terms of how it manages cookie settings. An explanation can be found in the help menu of every browser, which also describes how to change cookie settings. The instructions for the various browsers can be found by clicking on the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Chrome: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
Please note that disabling cookies may result in the functionalities of our website being restricted.
III. Data Processing during use of our online shop
- Description and Scope of Data Processing
- a) Purchases in the Online Shop
If you shop in the Carlo Piombo Online Shop, the following personal information can be collected, processed and used in order to process your order:
- surname,
- name,
- title,
- invoice and delivery address,
- e-mail address,
- telephone number,
- payment information
(“Customer Master Data”).
When your data is transmitted to us, it is encrypted using the latest security standard - SSL 128bit encryption (SSL = Secure Socket Layer) (TLS 1.2). The security certificate is issued by Let’s Encrypt.
To ensure the best possible experience for our customers, as legally permitted, we share your personal information with other companies employed by us as order processors exclusively for the proper performance of the contract and only to the extent necessary. We furthermore ensure that your data is at all times processed only in accordance with our instructions.
- b) Payment Method
PayPal, credit card and immediate transfer data is not stored, but is instead collected and processed by our payment service provider, “Wirecard Central Eastern Europe GmbH”. We use technical and organisational measures to secure our website and other systems against the loss, destruction, unauthorised access, alteration or dissemination by unauthorised persons of your personal information.
- c) Customer Account
Your customer account can only be accessed by entering your personal password. You should always keep your log-in information confidential and close the browser window once you have finished using our website, in particular if you are viewing the website from a shared computer.
- d) Parcel Tracking
After placing an order through our online shop, you will be sent status updates from the carrier of your parcel. To this end, we provide your e-mail address to General Logistics Systems Austria GmbH, Traunuferstraße 105a, 4052 Ansfelden, Austria or Federal Express GmbH, Cargo Nord, Geb. 7, 1300 Vienna, Austria, which are bound by law to comply with data protection requirements. To object to this, simply send an e-mail to the following address: cp@carlopiombo.com
- e) Availability Updates
You can also sign up to receive e-mail updates to be notified when an item is back in stock. We will use your e-mail address to notify you of the status of the item concerned.
- Legal Basis for the Data Processing
- a) The legal basis for the processing of your data in the course of placing an order and shopping in our online shop is Art. 6 (1) lit. b GDPR.
- b) The legal basis for the transmission of your data to external payment services providers is Art. 6 (1) lit. a and b GDPR.
- c) The legal basis for the parcel tracking is Art. 6 (1) lit. b GDPR.
- d) The legal basis for the availability updates is Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time by e-mailing cp@carlopiombo.com
- Duration of Data Storage
As a rule, we process and store your data for the duration of our contractual relationship. This also includes the initiation of a contract (precontractual legal relationship).
In the event of the conclusion of a contract, all data relating to the contractual relationship is stored until such time as the mandatory statutory storage period under tax law (7 years) has expired.
Your name, address, items purchased and order data are furthermore stored until the warranty period under product liability law expires (10 years). The data processing is carried out based on the statutory provisions set forth in Section 96 (3) Telecommunications Act (Telekommunikationsgesetz, TKG) as well as Art 6 (1) lit. a (consent) and/or lit. b (necessary for the performance of a contract) of the GDPR.
- Newsletter
You can subscribe to our newsletter via the website. To subscribe, you need to provide your e-mail address and submit a declaration that you consent to the subscription. To allow us to provide targeted information, we also collect and process voluntary information on areas of interest, date of birth, post code and language.
As soon as you register for the newsletter, we will send you a confirmation e-mail with a link to confirm your subscription. You can unsubscribe at any time. There is a link at the bottom of every newsletter via which you can unsubscribe from the newsletter.
- Contact Form and E-mail Contact, Telephone Number
- Description and Scope of Data Processing
Our website features a contact form, an e-mail address and telephone number. You can also contact us via various social media platforms (Facebook, Instagram). This means you can contact our customer service team directly. If and insofar as you contact us using the contact form provided on our website by e-mail, telephone, fax or through social media platforms and wish to find out about your orders or customer status, to enable us to properly process your request you may need to provide certain personal information, such as name, address, e-mail address, date of birth, order or invoice number. This data is used solely to verify and process your request. In the event that you contact us via a social media platform, please note that these platforms are not owned or controlled by Carlo Piombo, meaning that it is not possible to protect and maintain the confidentiality of the information provided via the social media platform. Should you have any questions concerning data protection, please contact the owner and operator of the social media platform in question.
In this context, data is not shared with third parties. The data is used solely for the purposes of processing the interaction.
- Legal Basis for the Data Processing
The legal basis for the processing of the data you provide in the course of submitting your request is Art. 6 (1) lit. f GDPR. If the contact has the intent of concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
- Purpose of the Data Processing
The processing of the personal information submitted through the contact channel in each case serves solely the processing of your request and the handling of the issue to which the request relates. This establishes the necessary legitimate interest in processing the data.
The other personal data processed during the submission serves to prevent abuse of the contact form and to help guarantee the security of our IT-systems.
- Duration of Data Storage
The data is deleted as soon as it is no longer required for the attainment of the purpose. This applies to the personal data from the input screen for the contact form, as well as the information sent by e-mail if the conversation with the user concerned has ended. The conversation has ended if it can be concluded from the circumstances that the issue concerned has been conclusively resolved. Under certain circumstances, however, we may need to store certain personal information from the communication for longer (e.g. as evidence if in the course of the conversation agreements are reached concerning purchases made, goodwill decisions by Carlo Piombo, agreements on payments, claims based on defects, etc.).
- Rights of Persons Affected
Under certain circumstances, you can assert data protection rights against us:
- Right to withdraw consent: if you consented to certain types of processing activities, you can at any time withdraw such consent for the future. Such withdrawal of consent does not, however, have any effect on the lawfulness of the processing prior to the withdrawal of consent or insofar as the processing is justified on a different legal basis.
- Right to information: Pursuant to Art. 15 GDPR, you have the right to obtain information on which of your personal information we store.
- Right to rectification: Pursuant to Art. 16 GDPR, we will on request rectify any inaccurate or erroneous personal information.
- Right to rectification: If you wish, we will delete your data pursuant to the basic principles set forth in Art. 17 GDPR.
- Right to restriction of processing: Taking account of the prerequisites set forth in Art. 18 GDPR, you can request that we restrict the processing of your data.
Right to object: In addition, pursuant to Art. 21 GDPR you can object to the processing of your data. This right to object applies where there are grounds relating to your particular situation and only with respect to data processing that is lawful based on an overriding interest, concerning profiling or for the purposes of direct marketing. If you object, we will no longer process your data, unless we are entitled by law to reject your objection. An objection to direct marketing, including profiling, is binding for us, which means that we are no longer permitted to process your data for these purposes.
If you consented to direct marketing and no longer wish to receive such direct advertising, you need to withdraw your consent.
- Recht auf Datenübertragbarkeit: Auch haben Sie das Recht, Ihre Daten gemäß den Regularien von Art. 20 DSGVO in einem strukturierten, gängigen und maschinenlesbaren Format zu erhalten oder sie einem Dritten zu übermitteln.
- Beschwerde zur Datenschutzbehörde: Ferner steht Ihnen ein Beschwerderecht bei der jeder zuständigen Datenschutzaufsichtsbehörde zu (Art. 77 DSGVO). Wenn Sie glauben das Datenschutzrecht verstößt oder Ihre datenschutzrechtlichen Ansprüche sonst in einer Weise verletzt worden sind, können Sie sich bei der Aufsichtsbehörde beschweren.
- Right to data portability: You also have the right to obtain your data pursuant to the rules set forth in Art. 20 GDPR in a structured, customary, machine-readable format or to transmit it to a third party.
- Complaint to the Data Protection Authority: Furthermore, you have the right to lodge a complaint with any competent data protection supervisory authority (Art. 77 GDPR). If you think there has been an infringement of data protection law or that your data protection rights have otherwise been contravened, you can lodge a complaint with the data protection supervisory authority.
- Scope of your duty to provide personal information
You need only provide the data required for the initiation and performance of the contractual relationship or for a pre-contractual relationship with us or which we are required, by law, to collect. Without this data, we will as a rule not be able to conclude the contract or further execute it. This can also relate to data required later on in the course of the contractual relationship. If we request additional information from you, you will be notified separately of the voluntary nature of the information concerned.
- Forwarding to third parties
Carlo Piombo has access to your data only insofar as this is necessary for the attainment of the objectives in line with the internal allocation of tasks. To this end, within the company only those departments that require access will be permitted to access your data.
Service Providers: We have commissioned service providers who as order processors have access to your data and process this data on our behalf for specific purposes specified by us. These order processors can be providers of marketing services, website-hosting services, IT-support services, website analysis services or shipping services.
Other third parties: If necessary for legal or statutory reasons, we are also required to provide certain data to third parties. These may be official bodies, external advisors, business partners, courts, experts as well as executive bodies within the company and supervisory bodies, where necessary.
International data transfer: Although all recipients are currently based in the EU/EEA, it cannot be excluded that recipients will, in future, be located in a country outside the EU/EEA that does not provide a level of data protection comparable to that in Europe. In particular, service providers may, in future, be located in the USA. In this case, Carlo Piombo will either select service providers certified under the US-EU Privacy Shield Program (Art. 45(1) GDPR) or which have agreed with Carlo Piombo the EU standard data protection clauses adopted by the EU Commission (Art. 46 (2) (c) or (d) GDPR).
III. Version
This privacy policy was last updated on May 25, 2018. Carlo Piombo s.r.l.s. reserves the right from time to time to update or amend this Privacy Policy.
PRIVACY POLICY NEWSLETTER
Information on data protection according to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
We take data protection very seriously, which of course also applies to the personal data of our newsletter customers and recipients of press releases (“data”). We hereby inform you how we process your data and what claims and rights you are entitled to.
- Responsible body
CARLO PIOMBO SRLS
Via Helvetia 29
17019 Varazze (SV)
Cod SDI: W7YVJK9
- Iva (e codice fiscale) 0189 524 0099
- Categories of data in newsletter marketing and press information:
- E-mail address as the contact date for sending the newsletter.
- E-mail address as the contact date for sending the press information.
- Processing purposes
- a) The purpose of the processing is to carry out the newsletter dispatch you have commissioned; The data collected is only used to send you promotional newsletters to the email address provided to us with information on Carlo Piombo, news, offers, discounts, events, etc. tailored to your personal interests and behavior.
- b) In addition, we can also use your data for the following purposes:
- Measures for the further development of services and products;
- Reporting to monitor the success of the measures implemented over time;
- Examination and optimization of procedures for needs analysis, benchmarking;
- Disclosure of personal data as part of a due diligence;
- Enrichment of our data (e.g. use / research of publicly accessible data);
- Use for system development / development of test systems;
- Assertion of legal claims and defense in legal disputes;
- Further development of existing systems and processes;
- internal and external investigations, security reviews;
- c) Press releases: The data collected is only used to send you press information on our products, events and / or news in the company to the email address provided to us.
- Legal bases
The sending of the newsletter in accordance with paragraph 3 a) and c) is based on your consent in accordance with Art. 6 Paragraph 1 lit.
The further processing operations in section 3 b) are carried out on the basis of a balance of interests in favor of Carlo Piombo. We evaluate the efficiency and attractiveness of our newsletter from a technical point of view in order to only provide you with product recommendations that are of interest to you in the future. Since no sensitive personal data is used here and, as a rule, only evaluations are created on an aggregated, non-personal level, data processing can be assessed as a legitimate interest at this point.
- Recipients or categories of recipients of your data
- Carlo Piombo only has access to your data insofar as it is necessary to achieve the purposes according to the internal distribution of tasks. For this purpose, internal access to your data is only granted to those departments and employees who require access.
- Service providers: We have engaged service providers who, as contract processors, have access to your data and process them for purposes specifically defined by us. These processors can be marketing service providers, website hosting service providers, IT support service providers or website analysis service providers.
- Other third parties: We may pass on your data to authorities, external consultants, business partners or courts, if necessary.
International data transfer: Although all recipients are currently located within the EU / EEA, you must expect that recipients in the future may be located in a country outside the EU / EEA that does not offer a level of data protection that is appropriate compared to the European level of data protection. Service providers in particular can be based in the USA in the future. In this case, Carlo Piombo will either select service providers who are certified under the US-EU Privacy Shield Program (Art. 45 Para. 1 GDPR) or who agree the EU standard contractual clauses with Carlo Piombo, as approved by the EU Commission (Art. 46 Para . 2 (c) or (d) GDPR).
In addition, we will not pass on your data to third parties unless we inform you about this separately. Insofar as we commission service providers in the context of order processing, your data is subject to the security standards specified by us in order to adequately protect your data.
- Duration of storage of your data
In principle, we process and store your data for the duration of your consent.
- Processing of your data in a third country or by an international organization
Your personal data is processed in a third country or by an international organization