summer winter
0
Discover the summer season
Discover the winter season
summer winter
0

Privacy Policy

WEBSITE PRIVACY NOTICE

PURSUANT TO ART. 13 EU REG. 2016/679 (GDPR)

 

Dear Data Subject,

by means of this notice, ONLY SKI DI BOSCARDIN LUCA & C. S.N.C. provides information on the processing of personal data acquired, including verbally, directly or through third parties, relating to you and arising from the use of the website https://www.onlyski.eu/. This notice is provided pursuant to Art. 13 of EU Reg. 2016/679 (the GDPR).

  1. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER.

The Data Controller (hereinafter also the “Controller”) is ONLY SKI DI BOSCARDIN LUCA & C. S.N.C., registered office: Frazione Entreves, 122, 11016 La Thuile (AO), Italy, VAT No. 01046340079, tel. +39 0165 885307, e-mail onlyski@lathuile.it, PEC onlyski@solutionpec.it.

  1. TYPES OF PERSONAL DATA, PURPOSES, AND LEGAL BASES OF PROCESSING

On the website https://www.onlyski.eu/, personal data voluntarily entered by the user (first name, last name, e-mail, phone) may be processed for the purpose of completing a product order and managing deliveries. The legal basis in such cases is the performance of a contract to which the user is or may become a party, or the execution of pre-contractual measures at the user’s request (Art. 6(1)(b) GDPR).

On the website https://www.onlyski.eu/ it is also possible to activate a personal account through which registered customers access with their authentication credentials and can post comments. The portal allows each user to access information on services and products, make configuration changes, obtain/modify access credentials, and obtain support. The personal data processed by the Controller for this processing activity are: source IP address logs, system and network logs, electronic traffic data, data processed for the transmission of a communication over an electronic communications network or for related billing purposes.

The legal basis in these cases is the necessity for the technical storage of information or access to information already stored, for the purpose of transmitting a communication or to the extent strictly necessary to provide an information society service explicitly requested by the user (Art. 122 of the Italian Privacy Code).

  1. METHODS OF PROCESSING.

Processing will be carried out using electronic, IT or automated tools, as well as paper-based methods.

Processing is performed by the Controller and by the Controller’s collaborators and/or employees as persons authorized to process data, by the system administrator, and by data processors specifically appointed in writing, within the scope of their functions and in accordance with the instructions given by the Controller, ensuring the use of appropriate measures for the security of the data processed and guaranteeing confidentiality.

In accordance with the provisions of the Regulation, processing carried out by the Controller will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity and confidentiality.

Your data will always be processed with the utmost respect for confidentiality, including when handled by third parties expressly appointed by the Controller.

Your data are not subject to any automated decision-making process.

  1. RETENTION PERIOD.

Your personal data will be retained for the duration of order/account management and for a period of ten years following completion of the last order / the account’s last activity, in order to comply with tax and accounting obligations, as well as for judicial protection in the event of disputes.

This is without prejudice to cases where the Controller’s rights need to be enforced in legal proceedings; in such cases, the personal data of the Data Subject, exclusively those necessary for these purposes, will be processed for the time strictly required to pursue them.

Upon expiry of the above retention periods, the data will be destroyed, erased or anonymized, in line with technical procedures for deletion and backups.

  1. RECIPIENTS OF PERSONAL DATA.

The personal data you provide may be disclosed to the Controller, to persons authorized to process the data and/or to data processors. The list of appointed Data Processors, where applicable, is available upon request.

Personal data of the Data Subject are disclosed primarily to third parties and/or recipients whose activities are necessary for carrying out operations related to the performance of the contractual relationship and to comply with specific legal obligations, including, by way of example: entities that process data in compliance with legal obligations (national and governmental bodies, etc.), any trade associations to which the company has adhered, credit institutions, finance companies and other credit intermediaries providing services for the above purposes, software and hardware support companies, and firms or professionals for the judicial or extrajudicial protection of the Controller’s rights.

  1. DATA DISCLOSURE.

Unless specifically requested in writing by you, or by explicit order of a judicial authority/legal obligation, the personal data you provide are not subject to dissemination.

  1. DATA TRANSFERS ABROAD.

The data collected will not be transferred to third countries or international organizations.

  1. DATA SUBJECT RIGHTS.

The legislation grants the Data Subject the exercise of specific rights listed in Articles 15 to 22 of the GDPR, including the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed (i.e., access), their provision in an intelligible form, as well as the rectification or erasure of such data, or restriction of processing in whole or in part, or to object to processing on legitimate grounds and/or to withdraw consent at any time (without prejudice to the consequences indicated), or to request data portability with regard to data processed on the basis of specific consent, as well as updating.

The Data Subject has the right to know the source of the data, the purposes and methods of processing, the logic applied to processing, the identification details of the Controller and the subjects to whom the data may be communicated.

The Data Subject also has the right to request anonymization, restriction or blocking of data processed in violation of the law; the Data Subject may also lodge a complaint regarding the unauthorized processing of the data provided with the Italian Data Protection Authority according to the procedures published on that authority’s website (http://www.garanteprivacy.it/).

Requests relating to the exercise of the above rights may be addressed to the Data Controller, at the contact details indicated above, without formalities or, alternatively, using the form provided by the Italian Data Protection Authority available at: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

The exercise of the above rights may be exercised by sending a written communication via PEC (certified email) or by registered letter with return receipt addressed to the structure indicated above.

Powered by Key-One
Book Online