Privacy Policy

YOUR IMPORTANT DATA WE TREAT THEM WELL

FASHION HABERDASHERY PRIVACY POLICY

This Site collects some Personal Data of its Users.

Data Controller

The data controller is Moda Merceria s.a.s. di Conte Rita, Via della Pisana, 61/a - 00163 Rome, contactable at[email protected] or at 06 66012452.
Fashion Haberdashery s.a.s.Ensures compliance with the data protection regulations pursuant to the "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)" (hereinafter "GDPR").

This Privacy Policy:
- is understood to be rendered for the sitemodamerceria.com (hereinafter referred to as 'Site')
- constitutes an integral part of the Site and the services we offer;
- is made pursuant to Article 13 of the Regulation to those who interact with the services/products of the Site.

Contact details of the D.P.O.

The holder is not obliged to appoint the D.P.O.

Types of Data Collected

Among the Personal Data collected by this Site, either independently or through third parties, are:

- Automatically collected data. The computer systems and applications dedicated to the functioning of this website collect, during their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected include the IP addresses and domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters concerning the operating system, the browser and the computer environment used by the user. This data is processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation. The provision of such data is compulsory as it is directly related to the web browsing experience.

- Data provided voluntarily by the user. The voluntary and explicit sending of e-mails to the addresses indicated in the various access channels of this site does not imply any request for consent, and any completion of specifically prepared forms entails the subsequent acquisition of the sender's/user's address and data, which are necessary to respond to the requests made and/or provide the service requested. The voluntary sending, on your part, of e-mails to our e-mail addresses does not require further information or requests for consent. On the contrary, specific summary information will be reported or displayed on the pages of the site set up for particular services on request (forms). The user must therefore explicitly consent to the use of the data in these forms in order to send the request.

- Cookies. The site uses cookies. The data collected through cookies can be used to access parts of the site or for statistical purposes or to make the browsing experience more pleasant and more efficient in the future, trying to assess user behaviour and to modify the proposed content offer according to their behaviour and preferences for purposes strictly related to the provision of the requested service. A specific cookie policy is available for further information.

Failure by the User to provide certain Personal Data may prevent this Site from providing its services.
The User assumes responsibility for the Personal Data of third parties published or shared through this Site and guarantees that he/she has the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.

Method and place of processing of collected Data

Treatment modes

The Controller processes the Personal Data of the Users by taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data.
The processing is carried out using computer and/or telematic instruments, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, categories of persons involved in the organisation of the site (administrative, sales, marketing, legal, system administrators) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data. The updated list of Data Processors can always be requested from the Data Controller.

Place

The Data are processed at the Controller's premises and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller at the references above.

Times

The Data are processed for the time necessary to perform the service requested by the User, for the purposes described in this document ("retention limitation principle", art.5 of the GDPR), in accordance with the deadlines provided for by the law or by order of an authority to protect its interests.
In any case, the User may always request the interruption of the Processing or the deletion of the Data from the Data Controller.
The Data Controller may keep the Personal Data longer until such consent is revoked.

At the end of the retention period, the Personal Data will be deleted.

Therefore, upon expiry of this period, the right of access, cancellation, rectification and the right to Data portability can no longer be exercised.

Purposes of Data Processing

The processing of your data has its legal basis in your consent and enables the Controller to provide its services for the following purposes:

- Contact the User;
- Managing addresses and sending email messages for direct marketing activities with information and promotional material on products and services similar to those you have requested;
- Handling of payment and dispatch of goods as per the purchase contract finalised during the purchase at this ecommerce site (provision of required services);
- Management of support and contact requests, interaction with support and feedback platforms, to send replies to specific requests, including via WhatsApp chat on the site;
- Interaction with social networks and external platforms;
- Infrastructure monitoring;
- SPAM protection;
- Registration and authentication;
- Statistical purposes and market research, without it being possible to trace his identity;
- Management of user databases;
- Hosting and backend infrastructure;
- Fulfil any obligations under applicable laws, regulations or EU legislation, or comply with requests from the authorities;

If, in any event, you wish to object to the processing of your data for marketing purposes carried out by the means indicated, you may do so at any time when sending an email or by contacting the Data Controller at the references indicated above, without prejudice to the lawfulness of the processing based on the consent given prior to revocation;

The types of Personal Data used for each purpose are indicated in the specific sections of this document.

Personal data processing details

Contacting the User
Mailing List or Newsletter (this Site)
By registering to the mailing list or newsletter, the User's email address is automatically included in a list of contacts to whom email messages containing information, including of a commercial and promotional nature, relating to this Site may be sent.
Personal data collected: first name, last name, email, gender, date of birth.

Contact form

The User, by filling in the contact form with his/her Data, consents to the use of such Data to respond to requests for information, quotations, or any other nature indicated in the header of the form.
Personal data collected: first name, last name, email, gender, date of birth.

Managing addresses and sending e-mail messages

These services enable the management of a database of email contacts, telephone contacts or contacts of any other kind used to communicate with the User.
These services may also collect data on the date and time the User views the messages, as well as the User's interaction with them, such as information on clicks on links in the messages.

Management of support requests and feedback

The Controller may use the personal data collected on this Site to respond to support and contact requests from the User received via email or other tools and websites of the Controller.

Management of user databases

The Owner may build user profiles starting from an email address, name or any other information the User provides to this Site, as well as track the User's activities through statistical features. This personal data may also be cross-referenced with publicly available information about the User (such as social network profiles) and used to build private profiles that Data Controller may view and use to improve this Site.
Personal data may also allow for the scheduled sending of messages to the User, such as emails based on specific actions taken on this Site.

Statistics

The services contained in this section allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User's behaviour.

Google Analytics with anonymised IP (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google uses the collected personal data for the purpose of tracking and analysing your use of this website, compiling reports and sharing them with other services provided by Google.
Google may use personal data to contextualise and personalise ads in its advertising network.
This Google Analytics integration anonymises your IP address. The anonymisation works by abbreviating the IP address of Users within the borders of the member states of the European Union or other countries which are party to the Agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google's servers and abbreviated within the USA.
Personal data collected: Cookies and Usage Data.
Place of processing: USA -Privacy Policy-Opt Out

Hosting

These types of services are intended to host data and files that allow this Site to function, enable its distribution and provide a ready-made infrastructure to deliver specific features of this Site. Some of these services operate through servers located geographically in different locations, making it difficult to determine the exact location where personal data is stored.
Serverplan S.r.l.
Personal data collected: Cookies and Usage Data.

Rights of the data subject

The data subject always has the right to request from the Data Controller access to his/her data, rectification or erasure of data, restriction of processing or the possibility to object to processing, to request data portability, to withdraw consent to processing by asserting these and the other rights provided by the GDPR by simply notifying the Data Controller. The data subject may also lodge a complaint with a supervisory authority.

List of the data subject's rights with reference to the provision under Articles 15-18 of the GDPR:

Art. 15 The data subject's right of access
1. The data subject has the right to obtain from the controller confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
(d) where possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine that period;
(e) the existence of the right of the data subject to request from the controller the rectification or erasure of personal data concerning him or her or to object to the processing of personal data concerning him or her;
(f ) the right to lodge a complaint with a supervisory authority;
(g) where the data are not collected from the data subject, all available information on their origin;
(h) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4), and, at least in such cases, meaningful information on the logic used, as well as the importance of such processing for the data subject and the envisaged consequences thereof.

2. Where personal data are transferred to a third country or international organisation, the data subject has the right to be informed of the existence of appropriate safeguards within the meaning of Article 46 relating to the transfer.

3. The data controller shall provide a copy of the personal data undergoing processing. In case of further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise specified by the data subject, the information shall be provided in a commonly used electronic format.

4. The right to obtain a copy referred to in paragraph 3 must not infringe the rights and freedoms of others.

Art. 16 Right of rectification
The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.

Art. 17 Right to erasure ('right to be forgotten')
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him/her without undue delay and the controller shall be obliged to erase the personal data without undue delay if one of the following grounds applies
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate ground for processing, or objects to the processing pursuant to Article 21(2);
(d) personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f ) personal data have been collected in connection with the offering of information society services as referred to in Article 8(1).

2. Where a controller has disclosed personal data to the public and is obliged under paragraph 1 to erase them, the controller shall, taking into account available technology and the costs of implementation, take reasonable steps, including technical measures, to inform data controllers who are processing personal data of the data subject's request to erase any link, copy or reproduction of his or her personal data.

3. Paragraphs 1 and 2 shall not apply to the extent that the processing is necessary:
(a) for the exercise of the right to freedom of expression and information;
(b) for compliance with a legal obligation to which the processing is subject under Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);
(d) for archiving in the public interest, scientific or historical research or statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the purposes of such processing;
(e) for the establishment, exercise or defence of a legal claim.

Art. 18 Right to restriction of processing
1. The data subject has the right to obtain from the data controller the restriction of processing when one of the following cases occurs:
(a) the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such personal data;
b) the processing is unlawful and the data subject objects to the deletion of the personal data and requests instead that their use be restricted;
(c) although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the establishment, exercise or defence of legal claims by the data subject;
(d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate reasons of the controller prevail over those of the data subject.

2. Where processing is restricted pursuant to paragraph 1, such personal data shall, except for storage, only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.

3. A data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the controller before that restriction is lifted.

Recipients of personal data

Your data will not be disclosed in any way except for legal obligations or to fulfil your specific requests.

Obligation to provide data

The provision of your data for the purposes of direct marketing and statistics is, on the other hand, optional and will in no way compromise the provision of the service. For all the other purposes and activities described, the provision of your data is compulsory because it is linked to the correct provision of the service. Failure to provide your data will make it impossible to activate the services requested or to respond to your requests.
You may object to the processing of your Personal Data for the optional purposes described above both when requesting the products and services available on the Site and in subsequent communications from the Controller by contacting him at the references above.

Further information on treatment

Defence in court

The User's Personal Data may be used for the defence by the Data Controller in legal proceedings or in the preparatory stages of such proceedings against abuse in the use of the same or related services by the User.
The User declares that he/she is aware that the Data Controller may be required to disclose the Data at the request of public authorities.

Specific information

At the User's request, in addition to the information contained in this privacy policy, this Site may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.

System logs and maintenance

For operation and maintenance purposes, this Site and any third-party services used by it may collect System Logs, i.e. files that record interactions and which may also contain Personal Data, such as the User's IP address.

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.

Exercise of rights by Users

The subjects to whom the Personal Data refer have the right at any time to obtain confirmation of the existence or non-existence of such data at the Data Controller, to know its content and origin, to verify its accuracy or request its integration, deletion, updating, rectification, transformation into anonymous form or blocking of Personal Data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, its processing. Requests should be addressed to the Data Controller.
This Site does not support 'Do Not Track' requests. To find out whether any third-party services you use support them, please consult their privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page. In case of non-acceptance of the changes made to this privacy policy, the User shall cease using this Site and may request the Data Controller to remove his/her Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected up to that point.

About this privacy policy

The Data Controller is responsible for this privacy policy.

Definitions and legal references

Personal Data (or Data)

Personal data is any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.

Usage Data

These are personal data collected automatically by the site (or by third-party applications that it uses), including: IP addresses or domain names of the computers used by the User who connects to the site, URI (Uniform Resource Identifier) notation addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various time connotations of the visit (e.g. time spent on each page) and details of the itinerary followed by the User.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the length of time spent on each page) and the details of the itinerary followed within the site, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the User's IT environment.

User

The individual using this site, who must be the Data Subject or be authorised by the Data Subject and whose Personal Data is being processed.

Interested

The natural or legal person to whom the Personal Data refer.

Processor (or Manager)

The natural person, legal entity, public administration and any other body, association or organisation entrusted by the Controller with the processing of Personal Data, in accordance with the provisions of this privacy policy.

Data Controller (or Owner)

The natural person, legal person, public administration and any other body, association or body which is responsible, even jointly with another owner, for deciding the purposes, methods of processing of personal data and the instruments used, including the security profile, in relation to the operation and use of this Site. The Data Controller, unless otherwise specified, is the owner of this Site.

This Site

The hardware or software tool by which Users' Personal Data are collected.

Cookies

Small portion of data stored within the User's device.

This website makes use of cookies. To find out more and for detailed information, you can consult theCookie Policy

Legal references

This privacy policy is prepared on the basis of Articles 13 et seq. of the "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)" (GDPR).

The Cookie Policy is drawn up in compliance with the obligations laid down in Article 10 of Directive 95/46/EC, as well as with the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC.

Unless otherwise specified, this privacy and cookie policy relates exclusively to this Site.