Information pursuant to art. 13 of Regulation (EU) no. 679/2016 ("GDPR")
What data we process
(art. 13, paragraph 1, letter a, art. 15, letter b GDPR)
The House of Venus Srls , in the person of its legal representative, with headquarters in Via Stromboli 75/77 operates as Data Controller and can be reached at email@example.com and collects and / or receives information about the interested party, such as:
Personal data :
name, surname, physical address, nationality, province and municipality of residence, fixed and/or mobile phone, fax, tax code, e-mail address(es)
IBAN and bank/postal data (except credit card number)
Telematic traffic data:
Log, originating IP address.
The House of Venus Srls does not require the Interested Party to provide so-called "particular" data, that is, in accordance with the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data designed to uniquely identify a natural person, data relating to health or sexual life or sexual orientation of the person. In the event that the service requested to La Casa di Venere Srls requires the processing of such data, the interested party will receive prior information and will be required to give consent.
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information and requests:
For any information or request the interested party may contact firstname.lastname@example.org.
Purpose of data collection
(Article 13, paragraph 1 GDPR)
The data is used by the Data Controller to process the registration request and the contract for the supply of the chosen Service and/or the purchased Product, to manage and execute the contact requests made by the interested party, to provide assistance, to fulfil the legal and regulatory obligations to which the Data Controller is bound in relation to the activity carried out. Under no circumstances does La Casa di Venere Srls resell the personal data of the interested party to third parties or use them for undeclared purposes.
In particular, the data of the interested party will be processed for:
1) personal data registration and contact requests. The processing of the personal data of the interested party takes place in order to carry out the preliminary activities and subsequent to the request for registration, the management of requests for information or sales and contact and/or shipping of the product(s) purchased or sending information material, as well as for the fulfillment of any other obligations arising. The legal basis of these treatments is the fulfillment of the services inherent to the request for registration, information and contact and/or to carry out the shipment of the purchased product(s) and/or dispatch of informative material and the respect of legal obligations.
the management of the contractual relationship. The processing of the personal data of the interested party takes place in order to carry out the activities prior to and consequent to the purchase of a Product, the management of the relative order, the shipment of the purchased Product, the relative invoicing and payment management, the handling of complaints and/or reports to the assistance service and the provision of the assistance itself, the prevention of fraud as well as the fulfilment of any other obligation deriving from the contract. The legal basis of these treatments is the fulfilment of the services inherent to the contractual relationship and the respect of legal obligations.
3) promotional activities on Services/Products similar to those purchased by the interested party (Considering 47 GDPR). The Data Controller, even without your explicit consent, may use the contact data communicated by the Interested Party, for the purposes of direct sales of its own Products, limited to the case in which the Products are similar to the Products being sold, unless the Interested Party explicitly objects.
4) commercial promotion activities on Products other than those purchased by the Interested Party. The personal data of the interested party may also be processed for purposes of commercial promotion, surveys and market research with regard to Products that the Owner offers only if the interested party has authorized the processing and does not object to this.
This processing may be carried out automatically, in the following ways: - e-mail; - sms; - telephone contact and may be carried out: 1. if the interested party has not revoked his consent for the use of the data; 2. if, in the event that the processing is carried out by means of contact with a telephone operator, the Data Subject is not registered in the register of objections referred to in Presidential Decree no. 178/ 2010; the legal basis for such processing is the consent given by the Data Subject prior to the processing itself, which can be revoked by the Data Subject freely and at any time (see Section III).
5) The Data Controller, in line with the provisions of Recital 49 of GDPR, processes, also through its suppliers (third parties and/or recipients), the personal data of the Data Subject relating to traffic to the extent strictly necessary and proportionate to ensure network and information security, i.e. the ability of a network or information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. The Owner will promptly inform the Interested Parties if there is a particular risk of violation of their data, without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to notifications of personal data violation. The legal basis of these treatments is the respect of legal obligations and the legitimate interest of the Owner to carry out treatments inherent to the purposes of protection of company assets and security.
6) Profiling. The personal data of the interested party may also be processed for profiling purposes (such as analysis of the data transmitted and the Products chosen, proposing advertising messages and/or commercial proposals in line with the choices made by the users themselves) only if the interested party has provided explicit and informed consent. The legal basis for such processing is the consent given by the interested party prior to the processing itself, which is revocable by the interested party freely and at any time.
fraud prevention (recital 47 and Art. 22 GDPR)
the personal data of the data subject, with the exception of particular data (Art 9 GDPR) or judicial data (Art 10 GDPR), will be processed to allow controls with the purpose of monitoring and preventing fraudulent payments, by software systems that carry out an automated verification prior to the negotiation of Products;
the passing of such checks with negative results will make it impossible to carry out the transaction; the interested party may in any case express his or her opinion, obtain an explanation or contest the decision by giving reasons to the Customer Service Department or to the contact email@example.com.
personal data collected for anti-fraud purposes only, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.
7) The protection of minors. The Products offered by the Owner are reserved to subjects legally able, on the basis of the national legislation of reference, to conclude contractual obligations. The Owner, in order to prevent illegitimate access to its services, implements preventive measures to protect its legitimate interest, such as entering the date of birth, when necessary, the correctness of identification data and their truthfulness remain the responsibility of the user and can not in any way verified by the Owner.
Communication to third parties and categories of recipients
(Article 13, paragraph 1 GDPR)
Categories of recipients
The House of Venus srls
Administrative, accounting and contractual performance-related tasks,
Third Party Suppliers
Provision of services: delivery/shipment of products
Credit and digital payment institutions
Bank/postal institutions Management of receipts, payments, refunds related to the contractual service
External professionals/consultants and consulting firms
Fulfilment of legal obligations, exercise of rights, protection of contractual rights, debt recovery
Financial Administration, Public Bodies, Judicial Authority, Supervisory and Control Authority
Fulfilment of legal obligations, defence of rights; lists and registers kept by public authorities or similar bodies according to specific legislation, in relation to the contractual performance
Persons formally delegated or having a recognised legal title
Legal representatives, curators, guardians, etc.
The Data Controller imposes on its third party suppliers and the Data Processors the respect of security measures equal to those adopted in relation to the interested party, restricting the scope of action of the Data Processor to the processing connected to the requested service. The Data Controller does not transfer your personal data to countries where GDPR is not applied (non-EU countries) unless specifically indicated otherwise, for which you will be informed in advance and if necessary your consent will be requested. The legal basis for such processing is the performance of the services inherent to the relationship established, the respect of legal obligations and the legitimate interest of La Casa di Venere srls to carry out processing necessary for such purposes.
What happens if the interested party does not provide his data identified as necessary for the purposes of the requested service?
(Art. 13, 2nd paragraph, letter e GDPR)
The collection and processing of personal data is necessary to provide the requested services and to supply the requested Product. If the interested party does not provide the personal data expressly provided for as necessary in the order form or in the registration form, the Data Controller will not be able to carry out the processing linked to the management of the services requested and/or the contract and the Products connected to it, nor to the fulfilments that depend on them.
What happens if the interested party does not provide consent to the processing of personal data for commercial promotion activities on Services/Products other than those purchased?
If the interested party does not give his consent to the processing of personal data for such purposes, such processing will not take place for such purposes, without this having any effect on the provision of the services requested, nor for those for which he has already given his consent, if requested.
In the event that the interested party has given his consent and subsequently revokes or opposes the processing for commercial promotion activities, his data will no longer be processed for such activities, without this entailing any consequences or effects prejudicial to the interested party and to the services requested.
How we process the data of the interested party
(art. 32 GDPR)
The Data Controller provides for the use of appropriate security measures in order to preserve the confidentiality, integrity and availability of personal data of the Data Subject and imposes similar security measures on third party suppliers and Managers.
Where we process the data of the Data Subject
The personal data of the interested party are stored in paper, computer and telematic archives located in countries where the GDPR is applied (EU countries).
For how long are the data of the Interested Party stored?
(art. 13, 2nd paragraph, letter a GDPR)
Unless he or she explicitly expresses his or her wish to remove them, the personal data of the interested party will be kept for as long as it is necessary for the legitimate purposes for which it was collected.
In particular, they will be kept for the entire duration of your registration and in any case no longer than a maximum period of 12 (twelve) months of your inactivity, or if, within this period, you are not associated with the Services and/or purchased Products through your registration.
In the case of data provided to the Owner for the purposes of commercial promotion for services other than those already acquired by the interested party, for which he has initially given his consent, these will be kept for 24 months, unless the consent is revoked. In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless the consent is revoked.
What are the rights of the interested party?
(articles 15 - 20 GDPR)
The data subject has the right to obtain the following from the data controller:
(a) confirmation as to whether or not personal data concerning him/her are being processed and, if so, to obtain access to the personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
where possible, the intended period of retention of personal data or, if that is not possible, the criteria used to determine that period;
the existence of the right of the data subject to request the controller to correct or delete personal data or to object to the processing of personal data concerning him/her;
the right to lodge a complaint with a supervisory authority;
where the data are not collected from the data subject, all available information on their source;
the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information about the logic used and the importance and expected consequences of such processing for the data subject.
the adequate safeguards provided by the third (non-EU) country or an international organisation for the protection of the data that may be transferred
(b) the right to obtain a copy of the personal data undergoing processing, provided that this right does not adversely affect the rights and freedoms of others; in the case of further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.
(c) the right to obtain from the data controller the rectification of inaccurate personal data relating to him/her without undue delay
d) the right to obtain from the data controller the cancellation of personal data concerning him/her without unjustified delay, if the reasons provided by GDPR in art. 17 exist, including, for example, if they are no longer necessary for the purposes of the processing or if the processing is unlawful, and if the conditions provided for by law are met; and in any case if the processing is not justified by another equally legitimate reason;
e) the right to obtain from the data controller the limitation of the processing, in the cases provided for in art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Controller to verify its accuracy. The interested party must also be informed, within a reasonable period of time, of when the period of suspension has been completed or the cause of the limitation of treatment has ceased, and therefore the limitation itself revoked;
f) the right to obtain communication from the data controller of the recipients to whom requests for any rectification or cancellation or limitation of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort.
g) the right to receive personal data concerning him/her in a structured, commonly used and machine-readable format and the right to transmit such data to another data controller without hindrance by the data controller to whom he/she has provided them, in the cases provided for by Article 20 of the GDPR, and the right to obtain direct transmission of personal data from one data controller to another, if technically feasible. For any further information and in any case to send your request, please contact the Data Controller at firstname.lastname@example.org.
How and when can the interested party object to the processing of his/her personal data?
(Art. 21 GDPR)
For reasons relating to the particular situation of the Data Subject, the Data Subject may object at any time to the processing of his/her personal data if it is based on a legitimate interest or if it is for commercial promotion activities, by sending the request to the Data Controller at email@example.com. The Data Subject has the right to have his/her personal data deleted if there is no legitimate reason prevailing over the one that gave rise to the request, and in any case if the Data Subject has opposed the processing for commercial promotion activities.
To whom can the Interested Party lodge a complaint?
(Art. 15 GDPR)
Without prejudice to any other action in administrative or judicial proceedings, the interested party may submit a complaint to the supervisory authority competent on Italian territory (Autorità Garante per la protezione dei dati personali) or to the authority that carries out its duties and exercises its powers in the Member State where the violation of the GDPR occurred.
Any update of this Information Notice will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the data of the Data Subject for purposes other than those referred to in this Information Notice before proceeding and following the expression of the relative consent of the Data Subject if necessary.
General information, deactivation and management of cookies
Cookies are data that are sent from the website and stored by your internet browser on your computer or other device (e.g. tablet or mobile phone). Technical cookies and third party cookies may be installed by our website or its subdomains.
However, you may manage, i.e. request the general deactivation or deletion of cookies, by changing your internet browser settings. Such deactivation, however, may slow down or prevent access to certain parts of the site.
The settings for managing or disabling cookies may vary depending on the internet browser you are using, so please refer to your device manual or your internet browser's "Help" or "Help" function for more information on how to do this.
Below you will find links explaining how to manage or disable cookies for the most popular internet browsers:
Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
The use of technical cookies, i.e. cookies necessary for the transmission of communications over an electronic communication network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site. Session cookies may be installed in order to allow access and stay in the reserved area of the portal as an authenticated user.
Technical cookies are essential for the proper functioning of our website and are used to allow users the normal navigation and the possibility to use the advanced services available on our website.
The technical cookies used are divided into session cookies, which are stored exclusively for the duration of navigation until the browser is closed, and persistent cookies which are stored in the memory of the user's device until they expire or are deleted by the user.
Our website uses the following technical cookies
- Technical navigation or session cookies, which are used to manage normal navigation and user authentication;
- Functional technical cookies, used to store customizations chosen by the user, such as, for example, the language;
- Technical analytics cookies, used to learn how users use our website so that we can evaluate and improve how it works.
Third party cookies
These are cookies, analytics and profiling, Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook.
These cookies are sent from the websites of these third parties outside our site.
Third party analytics cookies are used to collect information about user behavior on the site. The detection is done anonymously in order to monitor performance and improve the usability of the site.
Profiling cookies installed by third parties
are used to create user profiles in order to propose advertising messages in line with the choices made by users. The use of these cookies is governed by the rules prepared by the third parties themselves, therefore, we invite Users to read the privacy policies and instructions to manage or disable cookies published on the following web pages:
For Google Analytics cookies:
directions to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
For Google Doubleclick cookies:
instructions to manage or disable cookies:
For Facebook cookies:
directions to manage or disable cookies: https://www.facebook.com/help/cookies/
For Youtube cookies:
For Yahoo cookies:
For Bing's cookies:
They can be installed by the Owner(s), using so-called web analytics software, profiling cookies, which are used to prepare detailed and real-time analysis reports relating to information on: visitors to a website, search engines of origin, keywords used, language of use, most visited pages.
They may collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation origin, pages visited and number of pages, length of visit, number of visits made.