Notice on the Processing of Personal Data of Website Users

Articles 13 and 14 of Regulation 2016/679/EU (hereinafter also “GDPR”)

Why This Notice

XUTENSILI (hereinafter also referred to as the “Company” or “Data Controller”) is committed to respecting and protecting your privacy and wants you to feel safe both while simply browsing the site and when you decide to register by providing us with your personal data to use the services made available to its Users and/or Customers. On this page, the Company intends to provide some information on the processing of personal data relating to users who visit or consult the website accessible electronically from the address WWW.XUTENSILI.IT (the “Site”). This notice applies only to the Company’s website and not to other websites that may be visited by the user via links (for which please refer to the respective privacy policies/information). The reproduction or use of pages, materials, and information contained within the Site, by any means and on any support, is not permitted without prior written consent from the Company. Copying and/or printing for strictly personal and non-commercial use is permitted (for requests and clarifications contact the Company at the addresses indicated below). Other uses of the content, services, and information on this site are not permitted.

Regarding the content offered and the information provided, the Company will endeavor to keep the Site’s contents reasonably up-to-date and revised, without offering any warranty as to the adequacy, accuracy, or completeness of the information provided and expressly disclaiming any responsibility for possible errors of omission in the information provided on the Site.

Origin - Navigation Data

The Company informs you that the personal data you provide and acquired at the same time as the request for information and/or contact, registration on the site, and use of the services via a smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services, including navigation data and data used for the possible purchase of products and services offered by the Company, but also the mere “navigation” data of the site by Users, will be processed in compliance with applicable legislation. The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet network. These are information that is not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes “IP addresses” or the domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters related to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning. The Company specifies that this data could be used to ascertain responsibility in case of computer crimes against the Company’s site or other sites connected or linked to it: except for this possibility, at present, the data on web contacts do not persist for more than a few days.

Origin - Data Provided by the User

The Company collects, stores, and processes your personal data for the purpose of providing the products and services offered on the Site, or for legal obligations. Regarding some specific Services, Products, Promotions, etc., the Company may also process your data for commercial purposes. In such cases, a specific, separate, optional, and always revocable consent will be requested using the methods and contact details subsequently indicated.

The optional, explicit, and voluntary sending of electronic mail to the addresses indicated in the dedicated section of the Website, as well as the filling out of questionnaires (e.g., forms), communication via chat, push notifications via APP, social networks, call centers, etc., involves the subsequent acquisition of some of your personal data, including those collected through the use of Apps and related services, necessary to respond to requests. We also inform you that on the occasion of using the mobile connection to access content and digital services offered directly by the Company or by our Partners, it may be necessary to transfer your personal data to these third parties. We highlight that you may access the Site or connect to areas where you may be enabled to post information using blogs or message boards, communicate with others, for example, coming from the Company’s page on Facebook®, LinkedIn®, YouTube®, and other social networking sites, review products and offers, and post comments or content. Before interacting with these areas, we invite you to carefully read the General Conditions of Use considering that, in certain circumstances, the information posted can be viewed by anyone with Internet access and all the information you include in your posts can be read, collected, and used by third parties.

Purposes of Processing and Legal Basis

The data are processed for the purposes of:

1. being strictly connected and necessary for the registration on the site www.Company.it, to the services and/or Apps developed or made available by the Company, to the use of the related information services, to the management of contact or information requests, for the performance of purchases of products and services offered through the Company site;

2. related to ancillary activities connected to the management of the User/Customer’s requests and the sending of feedback which may involve the transmission of promotional material; for the completion of the purchase order of products and services offered, including aspects related to payment by credit card, the management of shipments, the possible exercise of the right of withdrawal provided for remote purchases, the update on the availability of temporarily unavailable products and services;

3. related to the fulfillment of obligations provided for by European and national regulations, the protection of public order, the ascertainment and repression of crimes;

The provision of data for the purposes referred to in points 1), 2) and 3), connected to a pre-contractual and/or contractual phase or functional to a user’s request or provided for by a specific regulatory provision, is mandatory and, in default, it will not be possible to receive the information and access the services eventually requested.

The Company may send commercial communications related to products and/or services similar to those already provided, pursuant to Directive 2002/58/EC, using the email addresses, or those on paper, you provided on such occasions to which you can object using the methods and contact details subsequently indicated.

Methods, Logic of Processing, Storage Times, and Security Measures

The processing is carried out also with the aid of electronic means or however automated and is carried out by the Company and/or by third parties which the Company can use to store, manage, and transmit the data. The processing of data will be carried out with organizational logic and processing of your personal data, also related to logs generated by access and use of services made available via the web, of the products and services used related to the above purposes and, in any case, in order to ensure the security and confidentiality of the data. The personal data processed will be stored for the times provided for by the applicable legislation over time.

Also concerning data security, in the sections of the website set up for particular services, where personal data are requested from the user, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated as SSL. SSL technology encrypts the information before it is exchanged via the Internet between the user’s computer and the central systems of the Company, making it incomprehensible to unauthorized parties and thus ensuring the confidentiality of the information transmitted; furthermore, transactions carried out using electronic payment instruments are carried out using directly the platform of the Payment Service Provider (PSP) and the Company keeps only the minimum set of information necessary to manage any disputes. Specifically referring to the protection of personal data, the user/client is invited, pursuant to Art. 33 of the GDPR, to report to the Company any circumstances or events from which a potential “personal data breach (data breach)” may arise in order to allow an immediate evaluation and the adoption of any actions aimed at countering such an event by sending a communication to privacy@Company.it or contacting the Customer Service. The measures adopted by the Company do not exempt the Client from paying the necessary attention to the use, where required, of passwords/PINs of adequate complexity, which must be periodically updated, especially if he fears they have been violated/known by third parties, as well as to keep them carefully and make them inaccessible to third parties, in order to prevent improper and unauthorized use.

Cookies

A cookie is a short string of text that is sent to your browser and, if necessary, saved on your computer (alternatively on your smartphone/tablet or any other tool used to access the Internet); this sending generally occurs every time you visit a website. The Company uses cookies for various purposes, in order to offer you a fast and secure digital experience, for example, allowing you to maintain the connection to the protected area active while browsing through the pages of the site.

The cookies stored on your terminal cannot be used to recall any data from your hard disk, transmit computer viruses or identify and use your email address. Each cookie is unique in relation to the browser and device you use to access the Website or use the Company’s App. Generally, the purpose of cookies is to improve the functioning of the website and the user’s experience in using it, although cookies can be used to send advertising messages (as specified below). For more information about what cookies are and how they work, you can consult the “All about cookies” website http://www.allaboutcookies.org.

For detailed information on Cookies, click here

Areas of Communication and Data Transfer

For the pursuit of the purposes outlined above, the Company may communicate and have personal data of users/customers processed by third parties with whom we have relationships, where these third parties provide services upon our request. We will provide these third parties only with the information necessary to perform the requested services, taking all measures to protect your personal data. Personal data will not be transferred abroad. Moreover, personal data may be communicated to competent public bodies and authorities for the fulfillment of regulatory obligations or for the ascertainment of liabilities in case of computer crimes against the site and also communicated to, or located at, third parties (acting as data controllers or, in the case of providers of electronic communication services, as independent data controllers) that provide computer and telecommunication services (e.g., hosting services, management and development of websites) which the Company uses for carrying out tasks and activities of a technical and organizational nature instrumental to the functioning of the website. The subjects belonging to the categories mentioned above operate as separate Data Controllers or as Managers duly appointed by the Company.

Personal data may also be known to the Company’s employees/consultants who are specifically trained and designated as Data Processors.

The categories of recipients to whom the data may be communicated are available by contacting the Company at the addresses indicated below.

Rights of Data Subjects

You may exercise at any time the rights that the law grants you, including:

a)       the right to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, the existence of automated decision-making processes;

b)      the right to obtain without undue delay the rectification of inaccurate personal data concerning you;

c)       the right to have your data erased in the cases provided for by the law;

d)      the right to restrict processing or to object to it, when possible;

e)       the right to request the portability of the data you have provided to the Company, i.e., to receive them in a structured, commonly used and machine-readable format, also to transmit those data to another data controller, within the limits and under the conditions provided for by Art. 20 of the GDPR;

Furthermore, you may lodge a complaint with the Data Protection Authority under Art. 77 of the GDPR.

Data Controller

The Data Controller, pursuant to Art. 4 of the GDPR, is ZEROUNO SRL Unipersonale, Via Francesco Olgiati 26, 20143 Milan, VAT No.: 12841930964, Tax Code: 12841930964

The rights listed above may be exercised at the request of the Data Subject using the methods made known by the Customer Service or on the company’s website or using the following contact details: Reference Name (info@xutensili.it).

The use of the Website, including those intended for tablets and/or smartphones, by the Customer and/or User implies full knowledge and acceptance of the contents and any instructions included in this version of the notice published by the Company at the time the site is accessed. The Company informs that this information may be modified without notice and therefore recommends periodic review.

This privacy notice was updated on 12/09/2023.