Privacy Policy

Thank you for your interest in our online shop .

The protection of your privacy and your personal data is something we take very seriously.

Our goal in processing data is only to process personal data when this data is relevant to the sensible and economical use of the offerings in our online shop. Our privacy policy complies with the General Data Protection Regulation (GDPR).

In this document, we provide detailed information on the data we process when you visit our website, and the form in which we process this data. By doing so, we fulfil our obligation to provide information to you in accordance with Art. 13 of the GDPR.

RESPONSIBLE PERSON AND CONTACT DETAILS

SILVIA MADONIA di Silvia Madonia
Discesa Oddo, 9 90034 Corleone (PA)
P.IVA 07037540825
silviamadonia@pec.it

1. PERSONAL DATA

According to the GDPR, personal data means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

2. FUNCTIONS OF OUR WEBSITE

In the sections below, we explain which data we process when you use the functions we offer. We also explain the legal basis for the processing of this data, how long we store your data, and which other parties, if any, will receive your data.

a) General use of our website

When you visit our website, we generally only collect and store personal data that you actively provide to us. However, the web service of our host also automatically records visits to our website including, in particular, the IP address of the person visiting the website. Your IP address will not be stored.

To maintain system security, our host also creates log files. These log files include information such as: The date of access, the URL, the content accessed and the information transmitted.

This information is only available to us in an anonymised format and therefore cannot be traced back to individuals.

Your IP address is processed to establish a connection to enable us to provide you with access to our website, in accordance with Art. 6, para. 1(f) of the GDPR. This purpose is classed as a legitimate interest.

Our log files are stored for 30 days.

b) Contact form

We provide a form that enables you to contact us. To use this form, you must provide your email address so that we can respond to your enquiry. You may also provide your name, a subject for your enquiry, and the details of the enquiry itself.

If you contact us via the email address provided on our website, we will obtain your email address and any other information that you include in your email. To enable us to look into your enquiry, we are required to process this data. When you contact us, we will process your data so that we can look into and respond to your enquiry. The legal basis for the processing of this data is Art. 6, para. 1(f) of the GDPR. The aforementioned purpose is classed as a legitimate interest.

We will store your emails and other correspondence with us for as long as required to process your enquiry, plus a further period of three years, in case you contact us again with reference to your original question. This does not apply if the content of your email initiates a contractual relationship with us. In such cases, the retention period will be based on the contract to which the email refers. We will provide a separate explanation of how your data will be processed under the relevant contract.

c) Opening a customer account, purchasing function & reviews

When you open a user account, we will store the required user data, which you provide voluntarily. When you place an order in our online shop, we will automatically create a user account based on your order data. Your order data will be sent to you by email, along with a copy of our General Terms and Conditions. As a registered user, you can view your order data and previous orders in your user account at any time. You can instruct us to delete your user account at any time. We will use the data you provide to fulfil and process your order.

To create a customer account and when you place an order with us, we will collect the following data: Your title, first name(s), surname, email address, password (of your choice), company, house name/number, street and any additional address data, country, postcode, region, telephone number

Your reviews are also linked to your customer account. This enables us to ensure that you can only review products that you have purchased. To provide this function, we collect the following data: Your name, title of your review, your review, your rating (number of stars). At no point will we publish any of the personal data in your account. Your customer account data will be processed solely to provide you with the customer account functions and – if you make a purchase – to process and fulfil your order. This data is also processed based on Art. 6, para. 1(b) of the GDPR. Furthermore, we are obliged by law to store certain types of data, such as invoices, contracts and other information relevant to our accounting processes, for a specific period of time. Data is processed for this purpose based on Art. 6, para. 1(c) of the GDPR and §147 of the German Fiscal Code (AO) and §257 of the German Commercial code (HGB). We will store the data processed in connection with your customer account until you close your customer account. Upon closure, we will store your data for a further three years, in case any claims arise as a result of your legal relationship with us. Personal data contained in contracts or invoices will be stored for a period of 11 years from the end of the year in which you closed your account. Data contained in business correspondence or other documents that is relevant to taxation will be stored for a period of seven years from the end of the year in which you closed your account.

As part of the contract fulfilment process, we will contact you to invite you to review the products you have ordered. The information you provide will be used solely for this purpose and, in particular, will not be used for marketing purposes or passed to third parties. This data is also processed based on Art. 6, para. 1(f) of the GDPR; the aforementioned purpose is classed as a legitimate interest. We will store your review for as long as we continue to sell the product.

Unless you have indicated otherwise, we will use the email address provided when you purchased our merchandise or services to send advertisements, in electronic form, for products or services we offer that are similar to those you previously purchased. You can ask us to refrain from using your email address for this purpose at any time. To do so, contact us using the contact details provided in our legal notice or via the link provided in our advertisement emails. You will not incur any costs aside from the basic charges levied by your telecommunications provider. The legal basis for processing this data is Art. 6, para. 1(f) of the GDPR and Art. 95 of the GDPR and §7, para. 3 of the German Act Against Unfair Competition (UWG). We will store the data required to send you marketing communications until you revoke your consent for us to send marketing communications.

d) Newsletter and Advisory Services

When you register for our newsletter, your email address and your permission is saved and is used exclusively for our own advertising purposes until you request to stop receiving the newsletter. You can request to stop receiving the newsletter at any time this resulting in any costs other than the communications costs based on basic rates.

As a  CHIARO DI LUNA customer, you will receive a free advisory service as well as product recommendations via email. The advisory service as well as product recommendations are provided to every customer, whether they are subscribed to the newsletter or not. With that, we would like to provide you with information about all of our products and offers that suit your order history and might interest you based on what your most recent purchases may have been. We comply with relevant legal requirements as a matter of course. You can request to unsubscribe from our advisory service and product recommendations at any time without incurring costs other than the communications costs based on basic rates. All you need to do is send us a written message to the contact details referred to in paragraph 13 (e.g. email, letter). You will additionally find a cancellation link in each email that you receive.

When you register for our newsletter, your email address and your permission is saved and is used exclusively for our own advertising purposes until you request that delivery of the newsletter be stopped. To do this, we use a so-called “Double Opt-In” process, so we will only send you our email newsletter once you have expressly let us know that is what you want. We send you a confirmation email, in which we request that you click the link contained in said email, which then sends us your confirmation. You can request to cancel at any time without incurring costs other than the communications costs based on basic rates. All you need to do is send us a written message to the contact details referred to in paragraph 13 (e.g. email, letter). You will additionally find a cancellation link in each newsletter that you receive.

The processing is based on Art. 6 para. 1 lit. a) GDPR. We store your data until you revoke your consent.

We use the information that is automatically generated as well as the information you provide us with to constantly improve your shopping experience, protect you against unwanted advertisements and to individually tailor our promotions to your interests. To do this, we solely use the information in its pseudonymous form, so for example, receipt and confirmation of emails being read, your order history, dates and times that you have visited our online store and product pages that you have visited. The analysis and evaluation of this information makes it possible for us to send you promotions tailored to you. Our goal is to make our advertisements more useful and interesting to you. In doing this, we aim to prevent you from receiving unwanted ads and only sending you things that might be of interest to you, for example in the form of newsletters, product recommendation emails, postal advertisements or brochures in packages. If you do not wish to receive any personalised advertisements, you can request to completely stop or tailor them to your wishes at any time without incurring costs other than the communications costs based on basic rates. All you need to do is send us a written message to the contact details referred to in paragraph 13 (e.g. email, letter).

The processing here is based on Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to promote our products. We store your data for this purpose until you object to its use.

3. RIGHTS OF DATA SUBJECTS

The General Data Protection Regulation guarantees you certain rights, which you can exercise against us if there are legal grounds for you to do so.

  • Art. 15 of the GDPR – Right of access by the data subject: You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, which data is being processed and how the data is being processed.
  • Art. 16 of the GDPR – Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Art. 17 of the GDPR – Right to erasure (‘right to be forgotten’): You have the right to obtain from the us the erasure of personal data concerning you without undue delay. Please take note of the exception described under Point II. 4.
  • Art. 18 of the GDPR – Right to restriction of processing: You have the right to obtain from the controller restriction of processing.
  • Art. 20 of the GDPR – Right to data portability: Where we are processing your data based on your consent or to fulfil a contract, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us, or to have the data transmitted to another controller, either directly or indirectly and insofar as it is technically feasible to do so.
  • Art. 21 of the GDPR – Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on our legitimate interests or required in the public interest, or in the exercise of official authority.
    If you object to the processing of your personal data, we will no longer process your personal data unless we can demonstrate that there are compelling grounds to do so which outweigh your interests, rights and freedoms, or where we are required to process your data to file, exercise or defend a legal claim.
    If we process your personal data for direct marketing purposes, you have the right to object to such processing of your data at any time. If you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for this purpose.

If you have granted your consent, you may revoke this consent at any time. In such cases, all data processing that has taken place prior to the revocation of your consent will be deemed legally compliant. To revoke your consent, you may click on the link provided in any email you receive from us to unsubscribe from our email service. You can also change the appropriate setting in your user account or send an email to customerservice@chiarodilunacorleone.it If you send us a message stating that you no longer wish to receive emails from us, we will not send any further emails to the email address you indicate.

4. INTERNET SPECIFIC DATA PROCESSING

Google Analytics

Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

We use Google Analytics on our website. Google Analytics is a web analysis service that optimises the use of our website. The IP address that is communicated from your browser through the use of Google Analytics is not combined with other data from Google. As part of Google’s tracking system, information on products that you have ordered will also be transmitted.

The data sent by us and linked to cookies, user IDs and advertising IDs will be deleted automatically after 36 months. Further information on the terms of use and privacy policy can be found at https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.

The legal basis for the use of Google Analytics is Art. 6, para. 1(f) of the GDPR.

The following plugin enables you to opt out of Google tracking: http://tools.google.com/dlpage/gaoptout?hl=d

Facebook

Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304 USA

This website uses the “Custom Audiences” remarketing function provided by Facebook. This function is designed to allow targeted advertising to be displayed to Facebook users who have visited our website (“Facebook ads”). For this purpose, the fact that you have visited this website is communicated to the Facebook server; Facebook then links this information to your personal user account.

Further information is available at: https://www.facebook.com/about/privacy/

The use of this service is based on Art. 6, para. 1(f) of the GDPR. The aforementioned purpose is classed as a legitimate interest.

Click here to revoke your consent for the use of this service.

5. DATA PROCESSING ON SOCIAL MEDIA PLATFORMS

We maintain profiles on several social media networks through which you can get in touch with us. Currently these networks are Facebook, Instagram, Youtube, Pinterest, and WhatsApp. As a general rule, only the respective network operator is responsible under data protection law for all processing of personal data that takes place there, for example when you visit a profile or leave a comment. We ourselves have no knowledge of the data processed by the respective operator or of the individual data processing operations carried out by the operator. This information is not shared with us in an individual-specific format. In this context, like any other user of social networks, we can only access the information you have published in your profile or otherwise made accessible. You can obtain more detailed information on the data processing that takes place on each network at the following addresses:

 

However, you provide us with personal information when you send us a message or leave a post on our site. We use this personal information to respond to your message. To do this, we may import your message from the social network in question into our own processing systems to enable us to respond more efficiently and quickly. For this reason, we may use external IT service providers to respond to your messages.  We store your messages for as long as is necessary to process your request. We then store them for a period of 3 years in case you contact us again with reference to your original question. These purposes also constitute our legitimate interest, in aid of which we carry out this data processing. (Art. 6 para. 1 lit. f) DSG-VO). Special conditions apply to data processing on our Facebook profile page. These can be found in the separate Facebook Privacy Policy.

Document updated on 16/01/2023