When using certain services, users will be provided with specific and detailed privacy notices in accordance to Articles 13 and/or 14 of GDPR.
1. DATA CONTROLLER
2. PLACE OF DATA PROCESSING
The personal data is processed at the premises of (Company).
PERSONAL DATA PROCESSED
a) Personal data processed for the purposes of Website operation
Information systems and software procedures used to operate the Website acquire, during the normal course of operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
It concerns information that is not collected to be associated with specific individuals, but by their own very nature could, through the processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the Website and the App, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the operating system and the users.
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates. When you provide us with personal information we will use it to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we are collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your expressed consent, andprovide you with an opportunity to sayopt-out as described below.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at [email protected]
How do I withdraw my consent?
We may disclose your personal information if we are required by law to do so or if you violate our Terms and conditions.
Information collected in this way could be used for ascertaining responsibility in case of any computer-related offences that damage the Website and the App.
b) Data provided by users directly
The optional, explicit and voluntary mailing of data as requested by the various sections of this Website and of the App are used for the purpose of processing the user’s requests (including but not limited to: cases in which information or clarification is requested by writing to the e-mail addresses found on the Website and on the App).
Specific summary information dedicated to particular services on request will be provided or displayed on the Website pages and on the App.
BILEVI operates in order to store the personal data for the minor period of time as needed by the service provided to Customer or as asked by the applicable law. For each service asked by customer BILEVI will provide a specific privacy notice, with a detail of the period for which the personal data will be stored or the criteria used to determine that period.
5. LEGAL BASIS FOR DATA PROCESSING
The data shall be processed on the base of different legal basis of processing, in accordance with the type of service provided by BILEVI. For each service asked by customer BILEVI will provide a specific privacy notice with a detail of the applicable ground of processing.
DATA PROCESSING PURPOSE
Data collected during browsing are used in order to obtain anonymous statistical information on the use of the Website and to monitor its correct functioning.
a) Legal basis for data processing
Personal Data shall only be processed insofar as processing is necessary for the website operation and to improve the experience of online applications.
b) Data retention period
Throughout the session on the Website.
After the above retention terms have expired, the Data will be destroyed, erased or anonymized, consistent with the technical procedures of erasure and backup.
DATA PROVISION COMPULSORINESS
Excluding the browsing data, required to implement IT protocols, the provision of personal data by users is free and optional. However, failing to provide such data will make it impossible to carry out the requests made or intended to by the user
Personal data may be communicated to parties acting as data controllers (such as supervisory bodies and authorities and public organisations authorised to request data) or processed on behalf of the Company by parties appointed as data processors, who are provided with suitable operating instructions. These parties include the following categories:
a) companies belonging to Bilevi, working as data processors or for administrative and accounting purposes (e.g. purposes connected with internal, administrative, financial and accounting activities);
b) natural and/or legal persons providing different services to the Company (e.g. suppliers of services for the management of the Website, such as system outsourcers, companies that provide connectivity services to the Internet, etc.). Such parties may also work as Data Processors;
c) parties and/or public and private entities the data will be communicated to for the purposes of fulfilling or enforcing the fulfillment of specific obligations provided for by laws, regulations and EU legislation. These subjects will operate as autonomous Data Controllers or Data Processors.
PARTIES AUTHORISED TO PROCESS DATA
The data is processed by individuals with appropriate technical skills, employees, collaborators of the Company or external parties, in their capacity as processors and officers, performing on behalf of the Company technical and organizational tasks on the Website.
PERSONAL DATA TRANSFERS OUTSIDE THE EU
The data may be transferred to non-EU Countries, in particular to:
a) Extra UE Countries whose data protection level is deemed adequate by the European Commission in accordance with article 45 of the GDPR;
b) Extra UE Countries other than those referred to in the preceding paragraph a), after signing Standard Contractual Clauses adopted/approved by the European Commission in accordance with article 46, 2, letters c) and d) of the GDPR.
A copy of the above mentioned safeguards can be obtained sending a specific request to the Controller, according to the modalities specified in the following paragraph “Data Subject’s rights – Complaint to the Supervisory Authority”.
DATA SUBJECTS’ RIGHTS – COMPLAINT TO THE SUPERVISORY AUTHORITY
We also inform you that, under provisions of GDPR, on the base of lawfulness of processing and of the modalities of processing, if the conditions are met, you have the following rights: access to and rectification or erasure of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal. Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
12. DATA PROTECTION OFFICER
For any questions regarding the processing of your personal data, please contact our Data Protection Officer, using the following contact:
e-mail: [email protected]