With reference to the provisions of the General Data Protection Regulation of the European Union 2016/679 (GDPR), containing provisions on managing and processing personal data, we kindly inform our Users of the following:
1. Purposes of the processing
The personal data is processed for the following purposes:
- Managing orders of products and services purchased through our websites (order acceptance, shipping, delivery, any withdrawal and related collection of goods);
- Carrying out administrative and accounting activities related to managing the above orders;
- Providing services related to registration in the user area of our websites (reserved access, order history archive);
- Sending (to registered users only) newsletters relating to products and services, editorial news, special offers and promotions.
2. Data processing and storage methods
The personal data is processed using manual and IT tools, with procedures and precautions to preserve its security, minimising the risk of destruction, loss, modification, and unauthorised access or disclosure. The personal data is stored for the time necessary to achieve the aforementioned purposes, as well as to fulfil the legal obligations imposed for the same purposes.
3. Types of personal data processed – Cookies
The data processed is that provided by the User when ordering or registering on our sites (personal data, tax code, billing and/or shipping address, telephone, email address), as well as technical data automatically recorded by the system (IP address, log files relating to site navigation) for statistical purposes and to prevent and ascertain possible computer fraud. The credit card data provided at the time of purchase is not recorded by us in any way, but transmitted and managed with SSL security protocol directly by the payment service provider (PayPal or others).
4. Provision of personal data
The provision of data for the purposes referred to in point 1 above is necessary; therefore, if it is not provided, our company will not be able to provide the requested services. For the aforementioned purposes, explicit consent from the User is not required, pursuant to Article 6, paragraph 1, letter b) of the GDPR and current legislation.
5. Scope of data communication
The personal data being processed can be transmitted or communicated to consulting firms (legal, administrative and accounting), shippers and couriers, any IT companies and any other entity – where necessary to carry out the activities referred to in point 1 above – and all those entities (including Public Authorities) which have access to data by virtue of regulatory or administrative measures.
6. Data subject rights
The subjects to which the personal data refers have the right at any time to obtain confirmation of whether this data exists and to know its content and origin, verify its accuracy or request its integration, updating or rectification. Pursuant to the GDPR, they also have the right to request that data processed in violation of the law is deleted or transformed into anonymous form or restricted or blocked, as well as to revoke or oppose its processing in any case, for legitimate reasons.
7. Data controller
The data controller of the collection and processing of personal data is Ut Orpheus Edizioni S.r.l. - Piazza di Porta Ravegnana 1 - 40126 Bologna, which you can contact to exercise your rights by writing to: firstname.lastname@example.org
(Last updated: 21-04-2020)