This section contains information for users interacting with the Panchic.com website, with reference in particular to the processing of their data by the company Arsenale 5 Srl, owner of the same website, also in accordance with Articles 13-14 of Regulation (EU) 2016/679. The said website also enables products to be purchased online (e-shop) and the Data Controller oversees this activity, again in compliance with the obligations deriving fro the aforesaid Regulation (EU) 2016/679.
The information provided applies to the Panchic.com website only and not to any other websites that may be consulted by the user through the links contained in it.
A. Data Controller
1. The Data Controller relating to this website is: Arsenale 5 Srl, with headquarters in via delle Industrie, 69, 31010 - Fonte (TV), Italy, who may be contacted for any clarification or exercising of users’ rights at the following e-mail address: firstname.lastname@example.org or by registered letter to the address given above.
2. Data processing means any operation or series of operations concerning the collection, registration, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, utilisation, interconnection, blocking, communication, divulgation or destruction of the same data.
3. The Data Controller informs that any personal data identifying the user (such as name, surname, address, telephone number, e-mail address, bank and/or payment references, etc.), hereinafter called “personal data” or also “data”, relating to the website user, acquired directly including verbally, may be subject to processing in full compliance with the Regulation (EU) 2016/679.
4. The Data Controller shall carry out processing in a lawful manner also in fulfilment of a supply contract with the website user to fulfil pre-contractual measures (eg. drawing up a quotation, etc.) requested by the same user (Art. 6 Regulation (EU) 2016/679).
B. Communicating and transferring data
1. Without the need for express consent (Art. 6 (b) and (c) Regulation (EU) 2016/679), the Data Controller may pass on the user’s data for the purposes set out in point D.1.A hereunder) to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services as well as to subjects to whom communication is required by law, for the purposes indicated hereunder. Said subjects shall process the data in their capacity as autonomous data controllers.
2. During and after browsing, the user’s data may be passed on to third parties, in particular to:
- Google: Advertising service, Targeted advertising, Analytical Measuring, Content Customisation, Optimisation;
- Google Adv: Advertising service, Targeted advertising, Analytical Measuring, Content Customisation, Optimisation;
- Google Analytics: Targeted advertising, Analytical Measuring, Optimisation.
The user’s data shall not however be divulged.
3. Personal data are stored on devices located at the headquarters of the Data Controller or with providers, within the European Union. It is understood in all cases that the Data Controller, if and when necessary, shall also be entitled to move the data to countries outside the EU. In such case the Controller ensures henceforth that the transfer of data outside the EU shall be carried out in compliance with applicable legal provisions, and be subject to the contract clauses and standard checks provided for by the European Commission.
4. The user’s navigation data may furthermore be transferred, only for the purposes set out hereunder, to the following states: EU countries, United States.
5. Both with regard to the data present on its own devices, and for any data present at providers, the Data Controller has implemented appropriate technical and organisational measures to guarantee an appropriate level of security, in full compliance with provisions laid down in Art. 32 Regulation (EU) 2016/679.
C. Data processing methods
1. Like all websites, this one also makes use of log files in which information collected automatically is stored during visits by users. The following information may be collected:
- Internet Protocol (IP) address;
- type of browser and parameters of the device used to connect to the website;
- name of internet service provider (ISP);
- date and time of visit;
- web page the visitor arrived from (referral) and the one visited afterwards;
- possibly the click number.
2. The aforesaid information is processed automatically and collected exclusively in aggregate form in order to check that the website is working properly, and for security reasons. Such information is processed on the basis of the Data Controller’s legitimate interests.
3. For security purposes (anti-spam filters, firewalls, detecting viruses), the data recorded automatically may also include personal data such as the IP address, which could be used, in compliance with laws in force on the subject, in order to block attempts to damage the same website or cause damage to other users, or in any case activities that are harmful or constitute an offence. Such data shall never be used to identify or to profile users but only for the purposes of protecting the website and its users. Such information is processed on the basis of the Data Controller’s legitimate interests.
5. The information that website users shall deem fit to be made public using the services and instruments made available to them, is provided by the user knowingly and voluntarily, and exempts this website from any liability associated with it and any infringement of the law. It is the user’s responsibility to check that he or she has the permission to enter the personal data of third parties or content protected by national and international laws.
D. Purposes for which the data is processed
1. The data collected by the website during operations are used for the purposes set out above and for the following purposes:
A) without the express consent of the user/customer (Art. 6 (b), (c), (e) of Regulation (EU) 2016/679 for the following:
- to manage access to the e-shop’s services and facilitate the purchase of products online as well as to allow the user to be registered with the e-shop and possibly conclude the contract for purchasing through the e-shop;
- fulfil pre-contractual and fiscal obligations arising from relations existing with the user/customer;
- allow the user to access the e-shop, also as a user who is not logged in, and to navigate the e-shop;
- allow the user to register with the website, by creating an account, and to take advantage of the services reserved for registered users, including in particular the possibility to make purchases through the e-shop;
- allow the user to access the e-shop and the navigate the e-shop as a logged-in user ;
- maintain and manage the user’s account;
- memorise data and information in the account, such as by way of example, the user’s biographical, the history of his or her orders and any returns made, his or her preferred delivery and/or billing address;
- allow the user to place products in the trolley and conclude the purchase contract through the e-shop.
- to implement the obligations arising from the purchase contract concluded through the e-shop, such as by way of example, the delivery of the products sold;
- to allow the user to fulfil his or her obligations arising from the purchase contract concluded through the e-shop, such as by way of example, payment on line of the products purchased;
- for customer service and customer care activities in general, and therefore to deal with requests for information from users or to respond to complaints, reports and objections;
- to fulfil obligations provided for by law, by regulations, by EC legislation or an order from an Authority (such as for example, one dealing with money laundering);
- to exercise the rights of the Data Controller, such as the right to legal defence;
- for general accounting purposes;
- for administrative purposes (invoicing, managing documents, etc.);
- for credit management;
- for statistical analyses and quality control;
- for managing insurance;
- for technical servicing.
In particular, the users’ data shall be processed for purposes connected with implementing the following measures relating to legal or contractual obligations:
- technical or functional access to the website, no data shall be held after the browser has been closed;
- for the purpose of advanced navigation or managing customised content;
- for statistical and analysis purposes concerning navigating and users.
B) Only when the user has given specific and distinct consent (Art. 7 Regulation (EU) 2016/679), for the following commercial and/or marketing and/or profiling purposes:
- sending by e-mail, post and/or SMS and/or telephone contacts newsletters, commercial communications and/or advertising material about products or services offered by the Data Controller and/or to measure the degree of satisfaction in terms of quality of what was provided on at the user’s request;
- sending by e-mail, post and/or SMS and/or telephone contacts commercial and/or promotional material from third-party subjects (such as business partners).
The provision of data for the purposes set out in point D.1.A) above is compulsory. If data are not provided, we are unable to guarantee the user the services cited in D.1.A) (eg: failure to provide data shall make it impossible for the user to conclude such contract and therefore to purchase through the e-shop). The provision of data for the purposes set out above in point D.1.B) is instead optional. The user may therefore decide not to provide any data or to subsequently deny the possibility to process data already provided: in such case, he or she shall not be able to receive newsletters, commercial communications and advertising materials and/or anything else relating to the services offered by the Data Controller.
He or she shall however continue to be entitled to the Services set out in point D.1.A).
2. The Controller shall process the personal data for the time necessary to fulfil the purposes set out above and in any case no longer than the legally required terms after the termination of the relationship for the purpose for which it came into existence (eg: the data necessary to implement the purchase contract until the product has been delivered, or, in the case of non-delivery, until the termination of the contract).
With reference to personal data being processed for marketing purposes or processed for profiling purposes, the data shall be stored in accordance with the principle of proportionality and in all cases until the purposes for which they are processed have been achieved or until the specific consent of the data subject concerned has been withdrawn.
Specifically, the Data Controller shall process the data for no more than 2 years from the time the data were collected for marketing purposes and for one year for data collected for the purposes of profiling.
3. The data used for security purposes (blocking attempts to damage the website) are stored for the time strictly required to achieve the aforesaid purpose.
4. As stated above, the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website shall lead to the sender’s address being subsequently acquired, which is necessary to respond to the requests, along with any other personal data contained in the missive.
E. User’s rights
1. Art. 13, (C) (2) of Regulation (EU) 2016/679 lists the following user’s rights.
2. Regarding the Panchic.com website therefore we inform the user of the existence of:
– the right of the data subject to request the Controller for access to his or her personal data (Art. 15 Regulation (EU) 2016/679), for these to be updated (Art. 7, (3), (a) Law Decree 196/2003), to be rectified (Art. 16 Regulation (EU) 2016/679), to be completed (Art. 7, (3), (a) Law Decree 196/2003) or for processing concerning them to be limited (Art. 18 Regulation (EU) 2016/679) or to object, for legitimate reasons to them being processed (Art. 21 Regulation (EU) 2016/679), as well as the right to portability of the data (Art. 20 Regulation (EU) 2016/6799).
- the right to request cancellation (Art. 17 Regulation (EU) 2016/679), conversion into an anonymous form or blocking of data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed (Art. 7, (3), (b)) Law Decree 196/2003);
– the right to obtain confirmation that the operations to update, rectify, complete data, delete, block data and conversion have been brought to the attention, also with regard to their content, of those to whom the data were passed on or divulged, except in the case in which such performance results as being impossible or would involve the use of means clearly disproportionate to the right being protected (Art. 7, (3), (c)) Law Decree 196/2003);
3. Requests may be sent to the Data Controller by registered letter, also using the model provided by the Italian Data Protection Officer, or by sending an e-mail to the address: email@example.com.
4. If processing is based on Art. 6, (1), (a)) – express consent for use – or Art. 9, (2) (a)) – express consent for the use of genetic or biometric data or data concerning health, that disclose religious or philosophical convictions or membership of trades unions, that reveal racial or ethnic origins, or political opinions – the user has the right to withdraw consent at any time without jeopardising the lawfulness of processing based on consent given before withdrawal.
5. Likewise, in the event of violation of the law, the user has the right to lodge a complaint with the Italian Data Protection Officer, who is the authority appointed to control processing within the state of Italy.
6. For a more in-depth examination of the rights you are entitled to, see Art. 15 and subsequent articles of Regulation (EU) 2016/679 and Art. 7 Law Decree 196/2003.
7. It may be possible that the owner of this website is not the Data Controller to whom the user has given his or her personal data but that he or she is joint Data Processor or an external data processor and that as a result the user’s data arrived at the said owner secondly, due to a contract governing the parties. In this case we point out that the website owner will do his utmost to ensure that the user has been informed and has consented to processing. The user may at any time ask the owner of this website about the origins of the data acquired.
8. The provisions set out above and offered by the Data Controller as the object of the relationship with the user does not cover the intentional acquisition of personal information regarding minors. In the event that information regarding minors is involuntarily recorded, the Data Controller shall promptly delete it at the request of the data subject.
F. Security of the data provided
1. This website processes users’ data in a lawful and correct manner, taking the appropriate security measures to prevent non-authorised access, divulgation, modification or non-authorised destruction of the data. Processing is carried out using computerised and/or screen-based instruments, with organisational procedures and logics that are strictly related to the purposes indicated.
2. The user’s data may be made accessible for the purposes set out in points D.1.A) and D.1.B) above:
- to partners, employees and co-workers of the Data Controller in Italy and abroad, in their capacity as persons appointed and/or internally responsible for processing and/or systems administrators;
- to third-party companies or other subjects that provide outsourced activities on behalf of the Data Controller, in their capacity as external persons responsible for processing. As an indication, these may be: associated practices and lawyers, data processing companies, certification boards, accounting/tax advisors and in general all bodies appointed to carry out checks and controls with regard to the correct fulfilment of the purposes indicated above, banks, professional studios, consultants, insurance companies for the provision of insurance services, financial offices, Municipal Departments and/or Offices, to consultants and service companies for safety in the workplace, which may in turn pass on the data, or grant access to them to their members, users and relevant successors for specific market research. The data collected and processed may also be passed on, in Italy and abroad, to sub-contractors, suppliers, managers of computerised systems, to hauliers, freight forwarders and customs agents.
For brevity, the detailed list of such figures is available at the headquarters of the Data Controller and is at users’ disposal.
G. Type of Cookies
2. The cookies do not record any personal information and no identifiable data will be stored. If preferred, it is possible to prevent some or all cookies from being saved. However, in this case the use of the website and the services offered could be compromised. To proceed without modifying cookie options, simply continue navigating.
Here below are the types of cookies used on the website.
3. These are used for navigation and to make it easier for the user to access and use the website. They are necessary to send communications over the electronic network, in other words, to the provider to provide the service requested by the customer, regardless of his or her preferences.
4. The settings to manage or disable cookies may vary depending on the Internet browser used. The user however may manage or request the general disablement or deletion of cookies by altering the settings on the Internet browser. This may slow down or impede access to some parts of the website. The use of technical cookies enables the website to be used safely and efficiently.
5. The cookies that are stored in the browser and retransmitted through Google Analytics or through blogging statistics service or similar are technical cookies only if used for the purposes of enhancing the site, directly by the owner of the website, who may collect information in aggregate form about the number of users and how they visit the website. On these conditions, the same rules apply to analytics cookies, in terms of disclosure and consent, as for technical cookies.
6. From the point of view of duration, it is possible to distinguish between temporary session cookies, which are deleted immediately at the end of the navigation session and are used to identify the user and therefore avoid login each time a page is visited and permanent cookies, which remain enabled in the PC until they expire or the user deletes them.
7. Session cookies may be installed for the purpose of allowing users to access and stay in the reserved area of the portal as authenticated users. These are not persistently stored but are used exclusively for the duration of navigation until the closure of the browser and disappear when this is closed. Their use is strictly limited to the transmission of session identifiers formed by random numbers generated by the server, and are necessary to allow safe and efficient exploration of the website.
8. Being present in an e-commerce area, the system saves the user’s interaction with the purchase area by generating a cookie capable of recovering orders that have been placed.
9. The user may also manage cookies using the settings on his or her browser. However, deleting cookies from the browser may remove the preferences that he or she has set for the website. For further information and support, it is also possible to visit the specific help page of the web browser being used:
- Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
- Safari: http://www.apple.com/legal/privacy/it/
10. This website used third-party cookies belonging to Google Inc. for the collection of data regarding user navigation. The data collected are used solely for the purpose of generating statistical reports within the Google Analytics analysis tool. Demographic profiling of users may be carried out by extracting statistically relevant data including age group, gender and categories of interest. Further information on data processing by Google Inc. can be found at the following address: http://www.google.com/analytics/learn/privacy.html
11. To disable Google Analytics display advertising or to customise the types of ads displayed, you can go to https://www.google.it/settings/ads. To completely disable the collection of statistical data by Google Analytics an additional component can be installed on the browser, downloadable free of charge from https://tools.google.com/dlpage/gaoptout/
12.Other enabled third-party cookies may be: CloudFlare (https://www.cloudflare.com/it-it/privacypolicy/), Facebook (https://www.facebook.com/policies/cookies/), Feedaty (https://www.feedaty.com/privacy), HotJar ( https://www.hotjar.com/privacy), Linkedin (https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy), ShareThis (https://www.sharethis.com/privacy/), TrustedShop (https://www.trustedshops.it/legal-notice-privacy.html), Yotpo (https://www.yotpo.com/privacy-policy/), Zendesk https://www.zendesk.com/company/customers-partners/cookie-policy/).
13. To find out about all the enabled cookies on this website, you can use the service available on https://www.cookie-checker.com or similar services. Remember that no data collected by means of cookies on this website will ever be passed on to third-party subjects apart from Google Inc., its certified partners and the other stakeholders stated above.
H. Social Network Plugins
2. The collection and use of information obtained by means of plugins are governed by the social networks’ respective privacy policies, which we invite you to consult:
I. Amendments to this document
2. The document was updated on 09/10/2019 to comply with relevant legal provisions, and in particular to comply with Regulation (EU) 2016/679.