The General Data Protection Regulation (EU Regulatio 2016/679 and henceforth the GDPR) is the European law relevant to the data protection, privacy and the transfer of personal data outside the EU.
The Regulation imposes the obligation to inform individuals (the natural persons the personal data refer to) about how their personal data are processed.
The company (henceforth the Company)
Calzolaio Antonio Rigato,
via dell’Artigianato 13/15,
30030 Vigonovo (VENEZIA), ITALY,
VAT IT00868830274, CF: RGTNTN36B22L899S, REA VE-157454
as manager of the website camilandstjohn.com (henceforth the Site) is fully compliant to the GDPR informing all the Site users (henceforth the Users) about the contents of this document.
How data are collected and processed
While visiting the Site, or sending an email to an address present on the section “Contact Us” or present anywhere the Site, personal data, relevant to an identified or identifiable person, can be collected and processed.
The present document explains how the collected personal data are processed and represents a policy compliant to the current applicable regulation.
The data can be are collected automatically or after an intentional communication by the Users.
Data automatically collected
During normal operation, Electronic devices together with information systems installed in the Site collect data. The data transmission is implicit in common internet communication protocols and they are associated to users. Therefore they are potentially identifiable. Among the collected data are included IP addresses, devices domain names, URI (Uniform Resource Identifier), time, parameters regarding browser, operative system and device. The data are collected and processed for the period necessary to control the Site regular operation and perform statistics relevant to the Site use. The provision of these data is mandatory because necessary to the Site navigation.
Data intentionally provided by the Users
The data provided by the Users filling in a form present in the Site will be collected by the Company. The data are necessary in order to fulfil the requests received. The users are informed and will explicitly agree by means specific checking boxes.
The data provide by the Users by sending an email to the Company will be collected. The data are necessary in order to fulfil the requests received. The users are informed and will explicitly agree by means specific checking boxes.
The data provided by purchasing an item by means of the Site, are necessary in order to carry out the entire purchasing and manufacturing operations related to bespoke, custom-made and made to measure goods.
The Data Controller is the Company “Calzolaio Antonio Rigato, via dell’Artigianato 13/15, 30030 Vigonovo (VENEZIA), ITALIA, VAT IT00868830274, CF: RGTNTN36B22L899S” (henceforth the Controller) that determinate the purpose and ways of processing the personal data.
Purpose and data processing legal basis
The current applicable regulation imposes that the data can be collected and processed only under a specific legal basis. The regulation enumerates six possible legal bases under which the personal data can be collected and processed.
Among the six possible legal basis, the Controller has identified the following legal bases in order to process the Users and Clients personal data. They are:
- Performance of a contract
- Fulfilment of a legal obligation
- Legitimate interests of the data controller
The legal bases are applied as follows:
When a form is fulfilled the data are provided by the Users and the consent is given in order to obtain a reply related to a specific request.
Based upon a specific and additional consent the data can be provided and processed in order to send commercial information.
In case of bespoke items, two different categories of data shall be identified: common data and specific data.
Are classified as common data all the data necessary to perform the purchasing contract and fulfil the related legal obligation.
Based upon a specific consent, the data will be processed for commercial purpose and communications.
The data provided can be used by the Controller for its legitimate interest or even in acting in a court if necessary.
Users are informed that in order to purchase bespoke, custom-made or made-to-measure items, it is necessary to register an account in the Site.
To whom Data can be communicated
The data provided by Users and Clients can be communicated to third parties that collaborate or supply any service to the Company. In any case the third parties will be nominated Data Processor.
Cross Border Data Transfer
The data provided to the Company will not be communicated outside EU or outside of the European Economic Area (EEA).
Data Retention Period
The data provided will be retained for a variable period depending on their nature.
Data provided voluntarily by the user
In the case of filling in forms, the data will be retained for the period necessary to respond to the user’s request and subsequently for a further 2 years, in order to maintain an informative relationship with the interested party (by sending newsletters, etc.) and if it has been given the consent to the processing of the data provided for marketing purposes. After this period the data will be permanently deleted.
In the case of the purchase of custom-made products, for the entire period of the contractual relationship, after which the data will remain kept according to the terms of the law (fiscal and tax legislation) or for a longer period necessary to protect the legitimate interests of the owner of the treatment. The additional data provided and not necessary for the fulfilment of contractual obligations (such as telephone number, email, etc.), will be kept for the entire period of the contractual relationship and subsequently for a further 2 years, in order to maintain an information relationship. with the interested party (by sending newsletters, etc.), if the latter has given consent to the processing of the data provided for marketing purposes: after this period the data will be permanently deleted.
Data automatically collected
With regard to the Data Controller, the interested party may at any time exercise the rights referred to in Articles 15 ss of EU Regulation 679/2016: right of access (Article 15); right of rectification (Article 16); right to cancellation (Article 17); right to limit the processing (Article 18); right to data portability (Article 20); right to object (Article 21); right to withdraw consent (Article 13).
Furthermore, it is always possible to lodge a complaint with the competent supervisory authority (pursuant to art.77 EU Reg 679/2016) or judicial appeal (pursuant to art.79 EU Reg 679/2016) if the interested party believes there is a violation of their rights.
Updates and modifications
The Company reserves the right to periodically modify and update this Information pursuant to applicable legislation and or the measures adopted.