Information document pursuant to and for the purposes of Article 13 Regulation (EU) 2016/679 (GDPR)

WHY THIS INFORMATION

In accordance with Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes the methods of personal data processing. This is an information document provided pursuant to Article 13 GDPR. The information is to be considered valid only for the website www.t-shirt.it; it is not valid for other third-party websites that may be accessed through links on this website, for which no responsibility is assumed.

Processable personal data

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (C26, C27, C30 GDPR).

Contractor/User data.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment.

Voluntarily communicated data

The optional, explicit, and voluntary sending of messages to the contact addresses indicated on this website and/or the completion of data collection forms entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.

Information about the processing of personal data carried out through Social Media platforms

Regarding the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, reference is made to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the dedicated Social Media pages, to manage interactions with users (comments, public posts, etc.) and in compliance with current regulations.

Specific information

Specific information may be present on the Site pages regarding particular services or data processing provided.

Cookies and other tracking systems. What are they? What are they used for?

For cookies and other non-technical tracking systems, see the cookie policy in the site footer and the following link.

  1. WHO IS THE DATA CONTROLLER?

The Data Controller is GRAFFITI S.R.L., with registered office in Loc. Pasina 46, 38066, Riva del Garda (TN), represented by its pro-tempore Legal Representative, who can be contacted for any information via email at [email protected].

  1. HAS THE DATA PROTECTION OFFICER BEEN APPOINTED? WHAT ARE HIS CONTACT DETAILS?

GRAFFITI S.R.L. has appointed its own Data Protection Officer (DPO) pursuant to articles 37, 38, and 39 of the GDPR. The DPO can be contacted at the aforementioned Controller’s address and via email at [email protected].

  1. PURPOSES OF PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD, AND NATURE OF PROVIDING

 

PURPOSE OF PROCESSING

LEGAL BASIS

DATA RETENTION PERIOD

NATURE OF PROVIDING

A)

Navigation on this website

Activities strictly necessary for the operation of the site and the provision of the navigation service on the platform.

The data necessary for the use of web services will also be processed for the purpose of:

• obtaining statistical information on the use of services (most visited pages, number of visitors per time or day, geographical areas of origin, etc.);

• checking the correct functioning of the services offered.

 

 

Legitimate interest | data subject’s rights

Art. 6 letter f) and considering 47 GDPR: the processing is necessary for the pursuit of the legitimate interests of the data controller or third parties.

Until the end of the browsing session and up to a maximum of additional 7 days (except for any need for investigation of crimes by the Judicial Authority)

Necessary to ensure navigation

B)

Analysis of navigation through the use of cookies and similar technologies.

Further information within the cookie policy

For non-technical necessary cookies and similar technologies, the processing is based on consent to the processing of personal data (art. 6 para. 1 letter a and C42, C43 of the GDPR).

Consent is given through the website’s banner and cookie policy.

Further information within the cookie policy

Further information within the cookie policy

C)

Request for contact or information via telephone contacts, dedicated form, Whatsapp button widget, or similar systems.

The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject;

art. 6 par. 1 letter b) and (C44) GDPR

1 year

Necessary for the pursuit of the legitimate interest of the data controller, respecting the rights and fundamental freedoms of the user

D)

Direct marketing – newsletter, for sending advertising or direct sales material or for the performance of market research, commercial and promotional communication, newsletters, via automated means (email, SMS) and traditional means (telephone and postal mail). Communications may contain promotional activities and/or logos of third-party partners and companies belonging to the group. There will be no transfer of personal data.

The Data Controller, to compare and possibly improve the results of automated communications, uses systems with reports. Thanks to the reports, the Data Controller may know, for example: the number of readers, openings, unique clicks, and clicks; the devices and operating systems used to read the communication; details on individual user activity; details of sent emails, emails delivered and not delivered, forwarded emails.

Consent to the processing of personal data

art. 6 par. 1 letter a) – (C42, C43) GDPR

Until the consent is revoked (or opt-out)

Providing data is optional. Failure to provide the necessary data will result in the inability to receive direct marketing communications

E)

Management of requests for the exercise of rights by data subjects pursuant to art. 15 et seq of the GDPR (data subject’s rights)

The processing is necessary to fulfill a legal obligation to which the data controller is subject

Art. 6 par. 1 letter c) and (C45) GDPR

5 years from the closure of the request, unless there are disputes

Providing personal data is mandatory, as it is necessary to fulfill legal obligations

F)

For registration and access to the reserved area

The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject;

art. 6 par. 1 letter b) and (C44) GDPR

Until the termination of the contract and the technical time for disabling the credentials

Providing data is necessary. Failure to provide the necessary data will result

G)

Administrative and accounting purposes, to allow the execution of the contract in place between the parties (e.g., to allow the delivery of purchased products)

The processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same;

Art. 6 par. 1 lett. b) and (C44) GDPR

10 years for administrative purposes or for a longer period if otherwise indicated by law (art. 2220 C.C.)

Providing data is necessary. Failure to provide the necessary data will result in the inability to conclude the contract